[LPS-102647] OAuth2 scopes are removed when Authorizations are revoked - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.2.0 GA1
Fix Version/s: Master
Component/s: Application Security > OAuth2
Labels:
- fc_19_10

Sprint:
AS - Iteration 23, AS - Iteration 24
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/79400

Description

Steps to reproduce:

Go to OAuth 2 Administration and create an OAuth 2 application
Configure some scopes for the application and save it.
Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
Go back to "Scopes" tab

EXPECTED RESULT: The scopes are still properly configured

ACTUAL RESULT: All scopes are removed (unselected) from the application

As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured.

Attachments

Activity

People

Assignee:

Brian Lee

Reporter:

Milen Dyankov (Inactive)

Participants of an Issue:

Brian Lee, Milen Dyankov

Recent user:

Nóra Szél

Engineering Assignee:

Marta Medio

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

02/Oct/19 5:41 AM

Updated:

27/Feb/20 5:38 AM

Resolved:

10/Oct/19 3:26 PM

Days since last comment:

50 weeks, 6 days ago

Packages

Version	Package
Master