[OAUTH2-106] SCR011 Reset Application Secret - Liferay Issues

XML

Word

Printable

Details

Type: Sub-Task
Status: Closed
Priority: Minor
Resolution: Completed
Affects Version/s: None
Fix Version/s: 1.0-portal_7.1.0
Component/s: None
Labels:
None

Sprint:
August_Appliaction Security

Description

A confirmation box screen used from ~~OAUTH2-78~~ to reset OAuth2 Application client_secret field to a new secure random value.

The confirmation box should clearly state that:

existing remote clients can no longer use the old client secret in supported OAuth2 grant processes to grant new tokens (Authorization Code, Resource Owner Password Credentials, Client Credentials)
existing granted tokens remain valid, to revoke all tokens application must be deleted

The screen must show the new value of client_secret that will be used for the application. The client_secret should be generated on server using secure random generator.

Attachments

Issue Links

is related to

OAUTH2-78 REQ011.UC005 Reset OAuth2 Application client secret

Closed

relates

OAUTH2-178 DOC: Manage OAuth2 Application using OAuth2 Administration portlet

Open

Activity

People

Assignee:

Unassigned

Reporter:

Tomáš Polešovský

Participants of an Issue:

Tomáš Polešovský

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

12/Jan/18 6:17 AM

Updated:

02/Jul/18 5:29 AM

Resolved:

02/Jul/18 5:24 AM

Packages

Version	Package
1.0-portal_7.1.0