  1. PUBLIC - OAuth2
  2. OAUTH2-250

Warning seen in console after hitting introspection endpoint with a valid refresh token

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: No Longer Reproducible
    • Affects Version/s: Master, 1.1-marketplace_7.1.0
    • Fix Version/s: Master
    • Component/s: None
    • Labels: None
    • Fix Priority: 2

      Description

      Steps to reproduce:

      1. Add a new OAuth 2 application with Token Introspection enabled
      2. Navigate to the authorization code endpoint for the created application
      3. Hit the introspection endpoint via cURL with a valid refresh token

      Expected result:
      Expected to see no warnings in the console.

      Actual Result:
      The following warning is seen in the console: 

      2019-02-14 22:36:00.435 WARN  [http-nio-8080-exec-8][LiferayOAuthDataProvider:268] Remote client 127.0.0.1 - 127.0.0.1 used unknown OAuth 2 token. Repeating report may be a sign of a brute-force attack.
      

      Reproduced on:
      Tomcat 9.0.10 + MySQL 5.7.25
      Portal master GIT ID: d83b0107110758397473e65a63fbd6df10af23bf
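
The warning above says that only a repeating report points to brute forcing, so a single line like the one in this issue should not be alerted on by itself. The following is an added example, not part of the original report and not Liferay code: a small log check that counts these warnings per remote client in a sliding window. The function name, threshold and window are assumptions chosen for illustration, and the sample lines other than the one quoted in this report are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the LiferayOAuthDataProvider warning format quoted in this report.
WARNING = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) WARN\s+"
    r"\[[^\]]*\]\[LiferayOAuthDataProvider:\d+\] "
    r"Remote client (?P<addr>\S+) - \S+ used unknown OAuth 2 token\."
)

def repeated_unknown_token_clients(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {remote address: peak count} for clients that logged at least
    `threshold` warnings inside any sliding `window`. Both values are
    assumed tuning parameters, not Liferay defaults."""
    seen = defaultdict(list)
    for line in lines:
        m = WARNING.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            seen[m["addr"]].append(ts)
    flagged = {}
    for addr, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[addr] = peak
    return flagged

# Sample input: the first line is the warning from this report; the burst from
# 203.0.113.7 (a documentation-only address) is constructed for the example.
TEMPLATE = (
    "{ts} WARN  [http-nio-8080-exec-8][LiferayOAuthDataProvider:268] "
    "Remote client {ip} - {ip} used unknown OAuth 2 token. "
    "Repeating report may be a sign of a brute-force attack."
)
SAMPLE = [TEMPLATE.format(ts="2019-02-14 22:36:00.435", ip="127.0.0.1")]
SAMPLE += [TEMPLATE.format(ts=f"2019-02-14 22:40:{s:02d}.000", ip="203.0.113.7")
           for s in range(0, 12, 2)]

if __name__ == "__main__":
    print(repeated_unknown_token_clients(SAMPLE))
```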
