Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-259

Allow Client Credentials grant flow to specify the user that the token will be granted as

    XMLWordPrintable

    Details

      Description

      Currently the token is issued as the user that created the OAuth2 application. It might have too broad permission when it's done by an Administrator.

      Fixed in

      • Liferay CE Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay Portal 7.2
      • Liferay Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay DXP 7.2

      How to achieve the same behavior in 7.1:

      1. Create a new Regular Role called "OAuth2 App Creator"
      2. Define the following permissions for this new role:
        • OAuth 2 Administration > Access in Control Panel
        • OAuth 2 Administration > Add OAuth 2 Application
        • Portal: View Control Panel Menu (granted automatically)
      3. Assign the new role to a User who you want to add the OAuth2 app on behalf of. This will be the user that the token will be granted as
      4. Impersonate that user and add the OAuth2 app
      5. Revoke the "OAuth2 App Creator" role from this user

        Attachments

          Issue Links

          demands

          Improvement - An improvement or enhancement to an existing feature or task. LRDOCS-6850 Update OAuth2 docs to reflect changes introduced in 7.2

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  7.2.0 GA1