formatting

src/Bridge/ClientRepository.php

@@ -87,16 +87,16 @@ protected function handlesGrant($record, $grantType)
     }
 
     /**
+     * Verify the client secret is valid.
+     *
      * @param  string  $clientSecret
      * @param  string  $storedHash
      * @return bool
      */
     protected function verifySecret($clientSecret, $storedHash)
     {
-        if (Passport::$useHashedClientSecrets) {
-            $clientSecret = hash('sha256', $clientSecret);
-        }
-
-        return hash_equals($storedHash, $clientSecret);
+        return Passport::$hashesClientSecrets
+                    ? hash_equals($storedHash, hash('sha256', $clientSecret))
+                    : hash_equals($storedHash, $clientSecret);
     }
 }

src/Client.php

@@ -42,7 +42,7 @@ class Client extends Model
     ];
 
     /**
-     * The temporary non-hashed client secret.
+     * The temporary plain-text client secret.
      *
      * @var string|null
      */
@@ -83,9 +83,7 @@ public function tokens()
     /**
      * The temporary non-hashed client secret.
      *
-     * If you're using hashed client secrets, this value will only be available
-     * once during the request the client was created. Afterwards, it cannot
-     * be retrieved or decrypted anymore.
+     * This is only available once during the request that created the client.
      *
      * @return string|null
      */
@@ -95,13 +93,16 @@ public function getPlainSecretAttribute()
     }
 
     /**
-     * @param string|null $value
+     * Set the value of the secret attribute.
+     *
+     * @param  string|null  $value
+     * @return void
      */
     public function setSecretAttribute($value)
     {
         $this->plainSecret = $value;
 
-        if ($value === null || ! Passport::$useHashedClientSecrets) {
+        if (is_null($value) || ! Passport::$hashesClientSecrets) {
             $this->attributes['secret'] = $value;
 
             return;

src/Passport.php

@@ -149,7 +149,7 @@ class Passport
     /**
      * @var bool
      */
-    public static $useHashedClientSecrets = false;
+    public static $hashesClientSecrets = false;
 
     /**
      * Indicates the scope should inherit its parent scope.
@@ -631,25 +631,25 @@ public static function refreshToken()
     }
 
     /**
-     * Configure Passport to not register its migrations.
+     * Configure Passport to hash client credential secrets.
      *
      * @return static
      */
-    public static function ignoreMigrations()
+    public static function hashClientSecrets()
     {
-        static::$runsMigrations = false;
+        static::$hashesClientSecrets = true;
 
         return new static;
     }
 
     /**
-     * Configure Passport to hash client credential secrets.
+     * Configure Passport to not register its migrations.
      *
      * @return static
      */
-    public static function useHashedClientSecrets()
+    public static function ignoreMigrations()
     {
-        static::$useHashedClientSecrets = true;
+        static::$runsMigrations = false;
 
         return new static;
     }

tests/BridgeClientRepositoryHashedSecretsTest.php

@@ -11,7 +11,7 @@ class BridgeClientRepositoryHashedSecretsTest extends BridgeClientRepositoryTest
 {
     protected function setUp(): void
     {
-        Passport::useHashedClientSecrets();
+        Passport::hashClientSecrets();
 
         $clientModelRepository = m::mock(ClientRepository::class);
         $clientModelRepository->shouldReceive('findActive')

tests/BridgeClientRepositoryTest.php

@@ -23,7 +23,7 @@ class BridgeClientRepositoryTest extends TestCase
 
     protected function setUp(): void
     {
-        Passport::$useHashedClientSecrets = false;
+        Passport::$hashesClientSecrets = false;
 
         $clientModelRepository = m::mock(ClientRepository::class);
         $clientModelRepository->shouldReceive('findActive')