Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-102647

OAuth2 scopes are removed when Authorizations are revoked

    Details

      Description

      Steps to reproduce:

      1. Go to OAuth 2 Administration and create an OAuth 2 application
      2. Configure some scopes for the application and save it.
      3. Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
      4. Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
      5. Go back to "Scopes" tab

      EXPECTED RESULT: The scopes are still properly configured

      ACTUAL RESULT: All scopes are removed (unselected) from the application

      As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured. 

       

        Attachments

          Activity

            People

            Assignee:
            brian.lee Brian Lee
            Reporter:
            milen.dyankov Milen Dyankov (Inactive)
            Participants of an Issue:
            Recent user:
            Clarissa Velazquez
            Engineering Assignee:
            Marta Medio (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 8 weeks, 4 days ago

                Packages

                Version Package
                7.1.10 DXP FP25
                7.1.X
                Master