-
Type:
Sub-Task
-
Status: Closed
-
Priority:
Minor
-
Resolution: Completed
-
Affects Version/s: None
-
Fix Version/s: 1.0-portal_7.1.0
-
Component/s: None
-
Labels:None
-
Sprint:August_Appliaction Security
A confirmation box screen used from OAUTH2-78 to reset OAuth2 Application client_secret field to a new secure random value.
The confirmation box should clearly state that:
- existing remote clients can no longer use the old client secret in supported OAuth2 grant processes to grant new tokens (Authorization Code, Resource Owner Password Credentials, Client Credentials)
- existing granted tokens remain valid, to revoke all tokens application must be deleted
The screen must show the new value of client_secret that will be used for the application. The client_secret should be generated on server using secure random generator.
- is related to
-
OAUTH2-78 REQ011.UC005 Reset OAuth2 Application client secret
-
- Closed
-
- relates
-
OAUTH2-178 DOC: Manage OAuth2 Application using OAuth2 Administration portlet
-
- Open
-