Open meiaus opened 7 months ago
The doc https://openliberty.io/docs/latest/oidc-tools.html stated the following:
If the user doesn't have these attributes set then the Add New button is disabled as expected
appPasswordAllowed="true"
appTokenAllowed="true"
As discussed in Slack, the behavior can be expected, but it's the friendly reminder needed to alert the user when something is not done (e.g., register the client with either of the 2 attributes as True), the behavior will be expected. However, the text format of an attribute such as appPasswordAllowed="true" is only applicable for the local store scenario using server.xml configuration. For the database scenario, we'll use the OIDC Client Management tool to set True for these attributes as shown in the screenshot above. In other words, adding the attribute to server.xml will not work for the database scenario.
A little hint in the doc will save some trouble figuring out the cause when getting the warning message.
When accessing the following tools from Admin Center if database store is used, and the client is not registered with True on the attributes of Application password allowed and Application token allowed, the following warning appeared in messages.log.

With the warning, the tool is not functioning as expected, e.g., in Personal Token Mgmt page, Add New is greyed out:

The following equivalent configuration from local store setup in server.xml is as demonstrated in https://openliberty.io/blog/2019/09/13/microprofile-reactive-messaging-19009.html#oidc:
To resolve the issue, on the Client Management tool, select the 2 attributes with True when registering the client:

Currently the doc https://openliberty.io/docs/latest/oidc-tools.html did not specify the requirement on these 2 attributes when database store is used. This issue is to bring to an action to update the doc to help users avoid the same problem.
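A configuration check for the situation described above, as an added example that is not part of the original issue or of Open Liberty: it reads a server.xml and reports, per OAuth provider, whether the two attributes can be set in server.xml at all. It assumes the Open Liberty element names oauthProvider, localStore, databaseStore and client; the sample XML, the provider and client names, and the function name check_providers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The two client attributes the issue discusses.
REQUIRED = ("appPasswordAllowed", "appTokenAllowed")

# Constructed sample server.xml (not from the issue): one provider backed by
# a local store, one backed by a database store.
SAMPLE_SERVER_XML = """
<server>
  <oauthProvider id="LocalProvider">
    <localStore>
      <client name="rp-ok" appPasswordAllowed="true" appTokenAllowed="true"/>
      <client name="rp-missing" appPasswordAllowed="true"/>
    </localStore>
  </oauthProvider>
  <oauthProvider id="DbProvider">
    <databaseStore dataSourceRef="OAuthDS"/>
  </oauthProvider>
</server>
"""


def check_providers(server_xml):
    """Return (provider id, client name or None, message) findings."""
    findings = []
    root = ET.fromstring(server_xml)
    for provider in root.iter("oauthProvider"):
        pid = provider.get("id", "<no id>")
        if provider.find("databaseStore") is not None:
            # Clients live in the database, so server.xml attributes do not
            # apply; they are set when registering the client in the tool.
            findings.append((pid, None,
                             "database store: set Application password allowed / "
                             "Application token allowed in the Client Management tool"))
            continue
        for client in provider.iterfind("localStore/client"):
            not_true = [a for a in REQUIRED
                        if client.get(a, "false").strip().lower() != "true"]
            if not_true:
                findings.append((pid, client.get("name"),
                                 "not set to true: " + ", ".join(not_true)))
    return findings


if __name__ == "__main__":
    for pid, client, message in check_providers(SAMPLE_SERVER_XML):
        print(f"{pid} / {client or '-'}: {message}")
```
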
" To add a new client, click the Add New button to display the Register New OAuth Client window. All fields in this window are optional. Some fields are already populated with default values. Change the values as needed and click the Register button to create a new client. The subsequent OAuth Registration Saved window displays the new client ID and secret. "