OAuth2 client_secret stored in plain text in the database

Disclosed: 2023-11-15 07:22:13 By rullzer To nextcloud
Medium
Vulnerability Details
If an attacker were to obtain a dump of the database, they could trivially read out the OAuth2 client secret: https://github.com/nextcloud/server/blob/master/apps/oauth2/lib/Controller/OauthApiController.php#L128

While I realise this is a big if, it is not that hard to make sure the client secret is stored properly hashed, or at the very least stored encrypted (however, non-recoverable has the preference here, I'd say).

Impact
An attacker who obtains read access to a dump of the database can trivially impersonate any OAuth2 client.
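The non-recoverable storage the report asks for, as an added illustration (not Nextcloud's code; the in-memory CLIENTS table and function names are constructed stand-ins for the oauth2 clients table): the secret is shown to the client once at registration, only a salted hash is persisted, and the token endpoint verifies a presented secret by recomputing the hash and comparing in constant time, so a database dump no longer yields usable secrets.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the oauth2 clients table: client_id -> stored row.
CLIENTS: dict[str, dict[str, str]] = {}
PBKDF2_ROUNDS = 100_000


def _hash_secret(secret: str, salt: bytes) -> str:
    # Client secrets are high-entropy random strings, so even a plain SHA-256
    # would resist brute force; a slow KDF is used anyway for defence in depth.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS).hex()


def register_client_plaintext(client_id: str) -> str:
    """The vulnerable pattern: the raw secret lands in the database row."""
    secret = secrets.token_urlsafe(32)
    CLIENTS[client_id] = {"secret": secret}
    return secret


def register_client(client_id: str) -> str:
    """Hardened pattern: persist only salt + hash, return the secret exactly once."""
    secret = secrets.token_urlsafe(32)  # 256 bits of entropy
    salt = secrets.token_bytes(16)
    CLIENTS[client_id] = {"salt": salt.hex(), "secret_hash": _hash_secret(secret, salt)}
    return secret


def verify_client(client_id: str, presented_secret: str) -> bool:
    """Token-endpoint check for hashed rows; constant-time compare avoids timing leaks."""
    row = CLIENTS.get(client_id)
    if row is None or "secret_hash" not in row:
        return False
    expected = _hash_secret(presented_secret, bytes.fromhex(row["salt"]))
    return hmac.compare_digest(expected, row["secret_hash"])


def secret_in_dump(secret: str) -> bool:
    """What an attacker holding a dump sees: is the raw secret present in any row?"""
    return any(secret in row.values() for row in CLIENTS.values())
```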
Report Stats
  • Report ID: 1994324
  • State: Closed
  • Substate: resolved
  • Upvotes: 31