-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.2.0 GA1
-
Fix Version/s: Master
-
Component/s: Application Security > OAuth2
-
Labels:
-
Sprint:AS - Iteration 23, AS - Iteration 24
-
Git Pull Request:
Steps to reproduce:
- Go to OAuth 2 Administration and create an OAuth 2 application
- Configure some scopes for the application and save it.
- Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
- Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
- Go back to "Scopes" tab
EXPECTED RESULT: The scopes are still properly configured
ACTUAL RESULT: All scopes are removed (unselected) from the application
As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured.