Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: 1.0-portal_7.1.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      August_Appliaction Security

      Description

      Preconditions:

      • User is signed in
      • At least one OAuth2 application with "client type = Confidential" property exists and user has permission to UPDATE it
      • User can display OAuth2 Applications portlet

      Events flow:

      1. User displays OAuth2 Applications
      2. Portal displays SCR006 List of OAuth2 Applications (OAUTH2-82) screen
      3. User clicks on "Reset secret" action button in a "Confidential" type row
      4. Portal shows a confirmation dialog with warning SCR011 Reset Application Secret (OAUTH2-106)
      5. User approves confirmation box
      6. Portal resets client secret

      Post-conditions:

      • Application secret is reset to a new secure random value
      • Existing remote clients can no longer use the old client secret in the supported OAuth2 grant flows (Authorization Code, Resource Owner Password Credentials, Client Credentials) to obtain new tokens
      • Existing granted tokens remain valid; to revoke all tokens, the application must be deleted

      Again, the portal should clearly communicate the consequences of resetting an Application’s secret.
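
The post-conditions above, modelled as an added example (not the portal's own code). The class and method names are hypothetical, the client id is constructed, and storing only a digest of the secret is an assumption the issue does not state.

```python
import hashlib
import hmac
import secrets


class ConfidentialClient:
    """Hypothetical in-memory model of one "Confidential" OAuth2 application."""

    def __init__(self, client_id):
        self.client_id = client_id
        self._secret_hash = b""
        self.tokens = set()  # access tokens already granted
        self.reset_secret()

    @staticmethod
    def _digest(secret):
        # Assumption: only a digest is kept; the secret is high-entropy random data.
        return hashlib.sha256(secret.encode()).digest()

    def reset_secret(self):
        """Replace the secret with 256 bits from the OS CSPRNG and return it once."""
        new_secret = secrets.token_urlsafe(32)
        self._secret_hash = self._digest(new_secret)
        return new_secret

    def client_credentials_grant(self, presented_secret):
        """Issue a new token only if the presented secret is the current one."""
        ok = hmac.compare_digest(self._digest(presented_secret), self._secret_hash)
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens.add(token)
        return token

    def token_is_valid(self, token):
        # Token validity does not depend on the secret, so a reset leaves it intact.
        return token in self.tokens


def demo():
    client = ConfidentialClient("constructed-client-id")
    old_secret = client.reset_secret()
    old_token = client.client_credentials_grant(old_secret)
    new_secret = client.reset_secret()  # step 6: portal resets the client secret
    return {
        "old_secret_rejected": client.client_credentials_grant(old_secret) is None,
        "new_secret_accepted": client.client_credentials_grant(new_secret) is not None,
        "old_token_still_valid": client.token_is_valid(old_token),
    }
```

Because the old token outlives the reset, a reset alone does not contain a leaked secret that was already used to obtain tokens; per the post-conditions, those are only revoked by deleting the application.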
