Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-202

User must be Site Member to use OAuth2 Authorize portlet

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Master, 1.0-portal_7.1.0, 7.1.x
    • Fix Version/s: Master
    • Component/s: None
    • Labels:

      Description

      Steps to reproduce:

      1. Create OAuth2 Application
        1. clientId: 12345
        2. Authorization Code Grant enabled
      2. Update the OAuth2 Application permissions and allow "User" role to VIEW and CREATE_TOKEN
      3. Create a new user and sign in
      4. Start authorization code flow by going to http://localhost:8080/o/oauth2/authorize?client_id=12345&response_type=code

      Expected result: User can see the authorize screen

      Actual result: Error saying user doesn't have required permissions

      Workarounds

      Workaround #1 - allow any registered user to have VIEW permission:

      1. Open permissions screen for the default individual resource permission record for OAuth2AuthorizePortlet:
        http://localhost:8080/?p_p_id=com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet&p_p_state=pop_up&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_mvcPath=%2Fedit_permissions.jsp&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_portletConfiguration=true&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_portletResource=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_resourcePrimKey=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet
      2. Assign "VIEW" permission for "User"
      3. Clear all caches using Server Admin portlet

      Workaround #2 - display the portlet inside Control Panel (might not work for environments which prevents accessing Control Panel)

      • Go to Authorize Screen (System Settings -> OAuth2 -> Authorize Screen)
      • Change Authorize Screen URL to use Control Panel: /group/control_panel?p_p_id=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet&p_p_state=maximized

      Workaround #3

      • Users that want to use OAuth2 Authorize portlet must be site members of Guest site

      Reproduced with "Liferay Plugin for OAuth 2.0" 1.1.0

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  Master