Uploaded image for project: 'Apache Fineract'
  1. Apache Fineract
  2. FINERACT-1144

OAuth broken (or is it?)

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: 1.5.0
    • Component/s: Security
    • Labels:
      None

      Description

      Reading Avik Ganguly comment in FINERACT-629 that "the spring oauth changes we did broke Oauth", and a number of (failed, uncompleted, abandoned) PRs by Saransh Sharma related to FINERACT-1012 and FINERACT-1057 gives me the impression that Fineract's OAuth support feature may actually currently be broken.

      Let's use this issue for someone to investigate and propose a PR to fix Fineract's OAuth support. I see this as a separate issue from FINERACT-1012. It would be "fair game", IMHO, to propose to just e.g. revert whatever is known to have broken it (if someone knows what that is - I personally do not) - and then deal separate and later with respective 3rd party upgrades, or whatever.

      If it's not broken and works on develop (and thus 1.4.0) as-is, then this issue should be closed.

        Attachments

        Issue Links

        Blocked

        New Feature - A new feature of the product, which has yet to be developed. FINERACT-1305 Release Apache Fineract v1.5.0

        • Major - Major loss of function.
        • Open
        is required by

        Bug - A problem which impairs or prevents the functions of the product. FINERACT-1033 Fineract OAuth Token Change Bug

        • Major - Major loss of function.
        • Open

        Bug - A problem which impairs or prevents the functions of the product. FINERACT-1057 Running -Psecurity=oauth leads to memory leak issue

        • Major - Major loss of function.
        • Open

        Bug - A problem which impairs or prevents the functions of the product. FINERACT-1012 Spring Security OAuth 2.x to Spring Security 5.2.x

        • Critical - Crashes, loss of data, severe memory leak.
        • In Progress

        Improvement - An improvement or enhancement to an existing feature or task. FINERACT-1142 Recommend OAuth security for production installations

        • Major - Major loss of function.
        • Open

        Test - A new unit, integration or system test. FINERACT-1143 Add Test Coverage for OAuth Support

        • Major - Major loss of function.
        • Open
        requires

        Bug - A problem which impairs or prevents the functions of the product. FINERACT-1145 OAuth Support documentation is missing

        • Major - Major loss of function.
        • Resolved

          Activity
          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              vorburger Michael Vorburger
              Reporter:
              vorburger Michael Vorburger

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment