-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: Master
-
Fix Version/s: Master
-
Component/s: None
-
Labels:
-
Git Pull Request:
OAuth2ApplicationScopeAliasesLocalServiceImpl.deleteOAuth2ApplicationScopeAliases(long) deletes also the related OAuth2ScopeGrant entries. But it does not take care to prevent deletion of those that are referenced by OAuth2Authorization entries (or alternatively cascade the deletion to those entries also).
- Go to OAuth 2 Administration and create an OAuth 2 application
- Configure some scopes for the application and save it.
- Use a client (command line, Postman, Insomia, ...) to access the OAuth application which will create an entry in `Authorizations`
- Invoke the problem method from custom Java code (there is no remote service equivalent)
Expected result: There are no records in OA2Auths_OA2ScopeGrants that reference non-existent records in OAuth2ScopeGrants
Actual result: Such records exist
Because there is no remote service the likelihood of this bug impacting customers is much lower. Still this a bug that we should resolve at some stage.