[LPS-102647] OAuth2 scopes are removed when Authorizations are revoked - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.2.0 GA1
Fix Version/s: Master
Component/s: Application Security > OAuth2
Labels:
- fc_19_10

Sprint:
AS - Iteration 23, AS - Iteration 24
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/79400

Description

Steps to reproduce:

Go to OAuth 2 Administration and create an OAuth 2 application
Configure some scopes for the application and save it.
Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
Go back to "Scopes" tab

EXPECTED RESULT: The scopes are still properly configured

ACTUAL RESULT: All scopes are removed (unselected) from the application

As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured.

Attachments

Activity

People

Assignee:: Brian Lee

Reporter:: Milen Dyankov (Inactive)

Participants of an Issue:: Brian Lee, Milen Dyankov

Recent user:: Marcellus Tavares

Engineering Assignee:: Marta Medio

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Oct/19 5:41 AM

Updated:: 17/Dec/20 2:14 PM

Resolved:: 10/Oct/19 3:26 PM

Days since last comment:: 1 year, 27 weeks, 2 days ago

Packages

Version	Package
Master