[OAUTH2-78] REQ011.UC005 Reset OAuth2 Application client secret - Liferay Issues

XML

Word

Printable

Details

Type: Sub-Task
Status: Closed
Priority: Minor
Resolution: Completed
Affects Version/s: None
Fix Version/s: 1.0-portal_7.1.0
Component/s: None
Labels:
None

Sprint:
August_Appliaction Security

Description

Preconditions:

User is signed in
At least one OAuth2 application with "client type = Confidential" property exists and user has permission to UPDATE it
User can display OAuth2 Applications portlet

Events flow:

User displays OAuth2 Applications
Portal displays SCR006 List of OAuth2 Applications (~~OAUTH2-82~~) screen
User clicks on "Reset secret" action button in a "Confidential" type row
Portal shows a confirmation dialog with warning SCR011 Reset Application Secret (~~OAUTH2-106~~)
User approves confirmation box
Portal resets client secret

Post-conditions:

Application secret is reset to a new secure random value
Existing remote clients can no longer use the old client secret in supported OAuth2 grant processes to grant new tokens (Authorization Code, Resource Owner Password Credentials, Client Credentials)
Existing granted tokens remain valid, to revoke all tokens application must be deleted

Again, the portal should clearly communicate the consequences of resetting an Application’s secret.

Attachments

Issue Links

depends on

OAUTH2-82 SCR006 List of OAuth2 Applications

Closed

relates

OAUTH2-178 DOC: Manage OAuth2 Application using OAuth2 Administration portlet

Open

OAUTH2-106 SCR011 Reset Application Secret

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Tomáš Polešovský

Participants of an Issue:: Tomáš Polešovský

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 11/Jan/18 4:47 AM

Updated:: 02/Jul/18 5:29 AM

Resolved:: 02/Jul/18 5:24 AM

Packages

Version	Package
1.0-portal_7.1.0