Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-216

Authorization prompt displays different scope to what will actually be granted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Master, 1.0-portal_7.1.0, 1.1-marketplace_7.1.0
    • Fix Version/s: 1.1-marketplace_7.1.0
    • Component/s: None
    • Labels:
      None

      Description

      Steps to reproduce:

      1. Create an OAuth 2 Application and assign the Portal Services > "everything.read" scope to it
      2. Deploy a new JAX-RS application "sample-app" that includes the "everything.read" scope (jar attached to ticket)
      3. Perform the Authorization Code flow to display the authorization request page

       Expected result: The authorization prompt DOES NOT include "sample-app", and when you authorize, no scopes from "sample-app" are stored against the authorization

       Actual result: The authorization prompt includes "sample-app", even though when you authorize, no scopes from "sample-app" are actually stored against the authorization

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                1.1-marketplace_7.1.0