Description of problem: In 4.7 we want to be able to assume that there is no non-sha256 oauth token in the system. For that we will add an Upgradable:false condition to 4.6z before we ship 4.7.
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.
The LifecycleStale keyword was removed because the needinfo? flag was reset. The bug assignee was notified.
Closing in favour of #1949941. With the past experience in mind, we decided to allow upgrades, even though the old-format tokens will not work at all. We'll create an informational alert in 4.7 in case there still are some of the old-format tokens.
*** This bug has been marked as a duplicate of bug 1949941 ***