X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/03a058154008f9c0bd8cfca0ab5ba891252a48d3..db14d5a612dd8db80a97d954f3364f23f21b005d:/services/api/app/models/api_client_authorization.rb

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 726061a4ab..52922d32b1 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -131,7 +131,7 @@ class ApiClientAuthorization < ArvadosModel
     end
 
     # Usually, the secret is salted
-    salted_secret = OpenSSL::HMAC.hexdigest('sha1', secret, remote)
+    salted_secret = OpenSSL::HMAC.hexdigest('sha1', Rails.configuration.Users.AnonymousUserToken, remote)
 
     # The anonymous token could be specified as a full v2 token in the config,
     # but the config loader strips it down to the secret part.