-
Type:
Story
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 7.2.0 GA1
-
Component/s: None
-
Sprint:AS | Iteration 17, AS | Iteration 18
-
Git Pull Request:
Currently the token is issued as the user that created the OAuth2 application. It might have too broad permission when it's done by an Administrator.
Fixed in
- Liferay CE Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay Portal 7.2
- Liferay Plugin for OAuth 2.0 version 2.0.0 and higher for Liferay DXP 7.2
How to achieve the same behavior in 7.1:
- Create a new Regular Role called "OAuth2 App Creator"
- Define the following permissions for this new role:
- OAuth 2 Administration > Access in Control Panel
- OAuth 2 Administration > Add OAuth 2 Application
- Portal: View Control Panel Menu (granted automatically)
- Assign the new role to a User who you want to add the OAuth2 app on behalf of. This will be the user that the token will be granted as
- Impersonate that user and add the OAuth2 app
- Revoke the "OAuth2 App Creator" role from this user
- demands
-
LRDOCS-6850 Update OAuth2 docs to reflect changes introduced in 7.2
-
- Open
-