Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-143

Applications using both OAuth2 and basic can't check scopes in OAuth2

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.0-portal_7.1.0
    • Fix Version/s: 1.0-portal_7.1.0
    • Component/s: None
    • Labels:
      None

      Description

      If an application uses both Basic (or any othe method) and OAuth2 they can't use OAuth2 scopes because that prevents any other authorization method.

      OAuth2 scope checkers should verify that the Authorization was checked using OAuth2 and do not kick in otherwise.

      The properties you can use to make an application opt for both OAuth2 and basic are:

      com.liferay.auth.verifier.filter.enabled=true
      auth.verifier.auth.verifier.BasicAuthHeaderAuthVerifier.urls.includes=*
      auth.verifier.auth.verifier.OAuth2RestAuthVerifier.urls.includes=*

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                1.0-portal_7.1.0