JSON:API link keys can collide

This looks good, we'll need some tests to go with it however

This looks good and ensure normalization varies based on link attributes. I just have one nit

+++ b/core/modules/jsonapi/src/Normalizer/LinkCollectionNormalizer.php
@@ -94,7 +94,13 @@ protected function hashByHref(Link $link) {
+    $params = [
+      'href' => $link->getHref(),
+    ] + $link->getTargetAttributes();
+    foreach ($params as $name => $value) {
...
+    }
+    return substr(str_replace(['-', '_'], '', Crypt::hashBase64($this->hashSalt . implode(';', array_values($params)))), 0, 7);

If we're running array_values why not build $params as a non-associative array?

$params = [
   'href=' . $link->getHref();
]
foreach ($params as $name => $value) {
  $params[] = sprintf('%s="%s"', $name, implode(' ', (array) $value));
}

Then it's just implode(';', $params)

Uber nit.

It looks good for me too. I have tested it successfully.

@mglaman I like your proposal about non-associative array but I don't understand why you removed the part where the link attributes are joined => "+ $link->getTargetAttributes()". I suppose it's a mistake.

Although I like to maintain things as simple as possible an I like your proposal about non-associative array, I think in this case make sense to use an associative array.
With a non-associative array you can introduce duplicates in $params array provided by $link->getTargetAttributes(). The use of an associative array will avoid this duplicates.

On the other hand, If the duplicates are not a problem an we want to use a non-associative array, the code would be:

$param_values = [
   'href=' . $link->getHref();
] + $link->getTargetAttributes()

foreach ($params_values as $value) {
  $params[] = sprintf("%s", implode(' ', (array) $value));
}

Otherwise we will have a wrong output because sprintf() takes the index as part of the string.
Moreover we need to use different names for $params or we will get duplicated values.

💥 Looks great to me. RTBC. I know the array_values thing was a nit, but I like to remove extra array structuring and destructing if possible.

Committed e239d3e and pushed to 9.2.x. Thanks!

Nice catch! 🤯

@catch pointed out that a comment might be useful in to explain what the code is doing. This made me realise that the method docs are no longer correct...

  /**
   * Hashes a link by its href.
   *
   * @param \Drupal\jsonapi\JsonApiResource\Link $link
   *   A link to be hashed.
   *
   * @return string
   *   A 7 character alphanumeric hash.
   */

I think this needs updating to be more complete.

Committed and pushed 99b763a12a to 9.2.x and 849ca9b597 to 9.1.x. Thanks!

Backported to 9.1.x as this is a straight up bug fix.