AppSec Iteration 59
This feature is added to be able to revoke all authorizations with a single click at the OAuth2 Administration screen, where each OAuth2 Application is listed.
It is useful for OAuth2 administrators who will be able to revoke all access to an application in a very quick way.
A new option is offered in each row at the menu on the left side of the administration screen, this menu offers different options to apply to the OAuth2 application. When authorizations exist, a new option will appear: "Revoke Authorizations", it will ask for confirmation of the action and, when executed, will delete all associated authorizations.
Take into account that this option will only be available if there is an authorization associated with the application (you can see the number of authorizations for each application in one of the existing columns).
Se attached screenshot.
Go to Menu - OAuth2 Administration, the list of OAuth2 applications offers a menu in each row on the left side, when the application has any associated authorization, the option "Revoke Authorizations" will be available.
- application_actions.jsp: new option at the administration screen to execute the new action of "Revoke Authorizations".
- RevokeOAuth2AuthorizationsMVCActionCommand.java: If the existing action command receives an OAuth Application Id, it will try to revoke all existing authorizations.
- OAuth2AuthorizationServiceImpl.java: New service method to revoke all existing authorizations by OAuth2 Application Id.