Automatic update client secrets to match current configuration

[gi-wg2]

I am not able to find anything about this in any issue, so sorry if this has been discussed already.

We do have some clients using bcrypt with cost factor of 10, which was the default at that time.
Would it be possible to let Hydra automatically rehash the secrets on successful auth, if the current hash algorithm and cost factor does not match config?

That is, as bcrypt cost factor or e.g. switching to PBKDF2, would it be possible to let Hydra store the secret with the new config?

[vinckr]

No need to apologize, you did a search and if nothing comes up, opening a discussion is great!

AFAIK you can only rotate JSON Web Token Signing Keys and HMAC Token Signing and Database and Cookie Encryption Keys. I will do some asking around if it came up before, and maybe someone else has another idea.