Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-102647

OAuth2 scopes are removed when Authorizations are revoked

    Details

      Description

      Steps to reproduce:

      1. Go to OAuth 2 Administration and create an OAuth 2 application
      2. Configure some scopes for the application and save it.
      3. Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
      4. Go to `Authorizations` tab and click on `Revoke` button (or select many and click "Revoke Authorizations")
      5. Go back to "Scopes" tab

      EXPECTED RESULT: The scopes are still properly configured

      ACTUAL RESULT: All scopes are removed (unselected) from the application

      As a result, revoking access for just one client blocks all clients from accessing the application until the scopes are reconfigured. 

       

        Attachments

          Activity

            People

            • Assignee:
              brian.lee Brian Lee
              Reporter:
              milen.dyankov Milen Dyankov (Inactive)
              Participants of an Issue:
              Recent user:
              Nóra Szél
              Engineering Assignee:
              Marta Medio
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                50 weeks, 6 days ago

                Packages

                Version Package
                Master