Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25342

Fix OAuth2 authentication in cluster

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 7.10
    • Fix Version/s: None
    • Component/s: OAuth
    • Tags:
    • Backlog priority:
      300
    • Sprint:
      nxfit 10.3.1, nxfit 10.3.2, nxfit 10.3.3, nxfit 10.3.4, nxfit 10.3.5, nxfit 10.3.6, nxfit 10.3.7, nxfit 10.3.8
    • Story Points:
      5

      Description

      After calling /oauth2/authorization, the AuthorizationRequest are stored in AuthorizationRequest#requests which is a static Map.

      When calling /oauth2/token, we retrieve the AuthorizationRequest from the Map given the authoriation code.
      => If the call /oauth2/token is done on another node, the AuthorizationRequest does not exist.

      AuthorizationRequest should probably be stored in Redis to avoid any issue.

      The bug has been fixed in 9.2 thanks to NXP-22329. Now we need a solution for 7.10 (and 8.10 if the customer moves to LTS 2016).

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 1 hour
                  1d 1h