Apply suggestions from code review

Co-authored-by: Andrew Chen Wang <60190294+Andrew-Chen-Wang@users.noreply.github.com>

Author: n2ygk

CHANGELOG.md

@@ -17,7 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [2.0.0] unreleased
 
 ### Changed
-* #1093 Changed to implement [hashed](https://docs.djangoproject.com/en/stable/topics/auth/passwords/)
+* #1093 (**Breaking**) Changed to implement [hashed](https://docs.djangoproject.com/en/stable/topics/auth/passwords/)
   client_secret values. This is a **breaking change** that will migrate all your existing
   cleartext `application.client_secret` values to be hashed with Django's default password hashing algorithm
   and can not be reversed. When adding or modifying an Application in the Admin console, you must copy the

tests/test_introspection_view.py

@@ -304,7 +304,7 @@ def test_view_post_valid_client_creds_basic_auth(self):
 
     def test_view_post_invalid_client_creds_basic_auth(self):
         """Must fail for invalid client credentials"""
-        auth_headers = get_basic_auth_header(self.application.client_id, CLEARTEXT_SECRET + "_so_wrong")
+        auth_headers = get_basic_auth_header(self.application.client_id, f"{CLEARTEXT_SECRET}_so_wrong")
         response = self.client.post(
             reverse("oauth2_provider:introspect"), {"token": self.valid_token.token}, **auth_headers
         )
@@ -341,7 +341,7 @@ def test_view_post_invalid_client_creds_plaintext(self):
             {
                 "token": self.valid_token.token,
                 "client_id": self.application.client_id,
-                "client_secret": CLEARTEXT_SECRET + "_so_wrong",
+                "client_secret": f"{CLEARTEXT_SECRET}_so_wrong",
             },
         )
         self.assertEqual(response.status_code, 403)