Affects Version/s: None
Fix Version/s: 7.2.0 GA1
Currently the token is issued as the user that created the OAuth2 application. The token might have overly broad permissions when the application was created by an Administrator.
- Liferay CE Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay Portal 7.2
- Liferay Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay DXP 7.2
How to achieve the same behavior in 7.1:
- Create a new Regular Role called "OAuth2 App Creator"
- Define the following permissions for this new role:
  - OAuth 2 Administration > Access in Control Panel
  - OAuth 2 Administration > Add OAuth 2 Application
  - Portal: View Control Panel Menu (granted automatically)
- Assign the new role to the User on whose behalf you want to add the OAuth2 app. This is the user that the token will be granted as.
- Impersonate that user and add the OAuth2 app
- Revoke the "OAuth2 App Creator" role from this user