OpenID passwordhash_bcrypt


I have setup the SG to use OpenID with Google.
Firstly the documentation example json config uses an ‘_’ in ‘google_explicit’ which is not allowed by the SG, please rectify the documentation.

Then is seems that the validation_key is the client_secret at least from Google’s OpenID. There is no hint anywhere that this is the client_secret. Some trial & error approach let to the solution.

Anyway what I’m curious about is what is stored in the passwordhash_bcrypt. When “register” key is set to true, two documents are created:

The second one references the first one, for what purpose? Where can I find any documentation on the automatic creation of these documents?

Since the password is not provided to the SG I’m curious about what is stored in the passwordhash_bcrypt key in the document. If it is documented then I clearly haven’t put much effort in it and would appreciate a link. If it is not documented please elaborate. Thank you.