Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-22521

OAuth2: we shouldn't be able to register 2 clients with the same id

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.2
    • Component/s: OAuth

      Description

      Currently, nothing is preventing this when going through the JSF UI.
      Possible solutions:
      1. Add a JSF validation.
      2. Use the clientId as a primary key in the oauth2Clients directory (currently the primary key is the autoincremented id field).

      The problem with 1. is that it will only work for JSF, not for Web UI, the REST API or any other way of creating an entry in the directory.

      The only good way seems to be 2. but it means breaking some existing data.

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-23879 Cannot edit an OAuth2 client through the Admin Center

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours
                  3h