[LPS-102647] OAuth2 scopes are removed when Authorizations are revoked - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.2.0 GA1
Fix Version/s: 7.1.10 DXP FP25, 7.1.X, Master
Component/s: Application Security > OAuth2
Labels:
- fc_19_10
- liferay-fixpack-dxp-25-7110

Branch Version/s:

7.1.x
Backported to Branch:

Committed
Sprint:
AS - Iteration 23, AS - Iteration 24
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/79400

Description

Steps to reproduce:

Go to OAuth 2 Administration and create an OAuth 2 application
Configure some scopes for the application and save it.
Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
Go back to "Scopes" tab

EXPECTED RESULT: The scopes are still properly configured

ACTUAL RESULT: All scopes are removed (unselected) from the application

As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured.

Attachments

Activity

People

Assignee:: Brian Lee

Reporter:: Milen Dyankov (Inactive)

Participants of an Issue:: Brian Lee, Milen Dyankov

Recent user:: Clarissa Velazquez

Engineering Assignee:: Marta Medio (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Oct/19 5:41 AM

Updated:: 23/Sep/21 3:35 PM

Resolved:: 10/Oct/19 3:26 PM

Days since last comment:: 2 years, 8 weeks, 4 days ago

Packages

Version	Package
7.1.10 DXP FP25
7.1.X
Master