Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-202

User must be Site Member to use OAuth2 Authorize portlet

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Minor
        • Resolution: Fixed
        • Affects Version/s: Master, 1.0-portal_7.1.0, 7.1.x
        • Fix Version/s: Master
        • Component/s: None
        • Labels:

          Description

          Steps to reproduce:

          1. Create OAuth2 Application
            1. clientId: 12345
            2. Authorization Code Grant enabled
          2. Update the OAuth2 Application permissions and allow "User" role to VIEW and CREATE_TOKEN
          3. Create a new user and sign in
          4. Start authorization code flow by going to http://localhost:8080/o/oauth2/authorize?client_id=12345&response_type=code

          Expected result: User can see the authorize screen

          Actual result: Error saying user doesn't have required permissions

          Workarounds

          Workaround #1 - allow any registered user to have VIEW permission:

          1. Open permissions screen for the default individual resource permission record for OAuth2AuthorizePortlet:
            http://localhost:8080/?p_p_id=com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet&p_p_state=pop_up&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_mvcPath=%2Fedit_permissions.jsp&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_portletConfiguration=true&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_portletResource=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet&_com_liferay_portlet_configuration_web_portlet_PortletConfigurationPortlet_resourcePrimKey=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet
          2. Assign "VIEW" permission for "User"
          3. Clear all caches using Server Admin portlet

          Workaround #2 - display the portlet inside Control Panel (might not work for environments which prevents accessing Control Panel)

          • Go to Authorize Screen (System Settings -> OAuth2 -> Authorize Screen)
          • Change Authorize Screen URL to use Control Panel: /group/control_panel?p_p_id=com_liferay_oauth2_provider_web_internal_portlet_OAuth2AuthorizePortlet&p_p_state=maximized

          Workaround #3

          • Users that want to use OAuth2 Authorize portlet must be site members of Guest site

          Reproduced with "Liferay Plugin for OAuth 2.0" 1.1.0

            Attachments

              Issue Links

              relates

              Sub-Task - The sub-task of the issue OAUTH2-205 DOC: Create quick intro into OAuth2 Provider framework setup

              • Minor - Minor loss of function, or other problem where easy workaround is present.
              • Open

                Activity

                  People

                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Packages

                      Version Package
                      Master