Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-24 REQ011 OAuth2 administrator can register clients manually
  3. OAUTH2-78

REQ011.UC005 Reset OAuth2 Application client secret

    XMLWordPrintable

    Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: 1.0-portal_7.1.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      August_Appliaction Security

      Description

      Preconditions:

      • User is signed in
      • At least one OAuth2 application with "client type = Confidential" property exists and user has permission to UPDATE it
      • User can display OAuth2 Applications portlet

      Events flow:

      1. User displays OAuth2 Applications
      2. Portal displays SCR006 List of OAuth2 Applications (OAUTH2-82) screen
      3. User clicks on "Reset secret" action button in a "Confidential" type row
      4. Portal shows a confirmation dialog with warning SCR011 Reset Application Secret (OAUTH2-106)
      5. User approves confirmation box
      6. Portal resets client secret

      Post-conditions:

      • Application secret is reset to a new secure random value
      • Existing remote clients can no longer use the old client secret in supported OAuth2 grant processes to grant new tokens (Authorization Code, Resource Owner Password Credentials, Client Credentials)
      • Existing granted tokens remain valid, to revoke all tokens application must be deleted

      Again, the portal should clearly communicate the consequences of resetting an Application’s secret.

        Attachments

          Issue Links

          depends on

          Sub-Task - The sub-task of the issue OAUTH2-82 SCR006 List of OAuth2 Applications

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates

          Sub-Task - The sub-task of the issue OAUTH2-178 DOC: Manage OAuth2 Application using OAuth2 Administration portlet

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Sub-Task - The sub-task of the issue OAUTH2-106 SCR011 Reset Application Secret

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tomas.polesovsky Tomáš Polešovský
                Participants of an Issue:
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  1.0-portal_7.1.0