wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
846 stars 785 forks source link

API Manager 3.0.0 - Changing scope for resource works only after server restart #6943

Closed igkononov closed 4 years ago

igkononov commented 4 years ago

Hi,

Please, help me with this problem.

On previous steps I published new API in Publisher, created new application in DevPortal and made subscription for created API.

Description of problem: After this, I changed scope for one resource in my API. But after saving changes I keep have possibility to get access for my resource without any restrictions. Re-subscription for API in application doesn't help. New scope begins his work only after restarting API Manager.

There is the same problem in flow when I try to remove scope.

Please, can you explain, is it a bug? I'm not sure that I need to restart API Manager every time, when I need to change scope.

Thanks in advance.

tmkasun commented 4 years ago

Hi @igkononov ,

I tried to reproduce this issue in APIM 3.0.0, But couldn't reproduce the issue. What I did was,

Could you please provide more information to reproduce your issue? Or is there any difference in my steps with yours ?

igkononov commented 4 years ago

Hi @tmkasun,

Try to consume resource in application in DevPortal (make a request for this resource) and only after this change scope in Publisher

igkononov commented 4 years ago

Are there any updates on this question?

tmkasun commented 4 years ago

Hi @igkononov,

Sorry about the delay in reply, Yes this is expected behavior due to caching in key manager (OAuth cache). You need to wait till the cache invalidate(default max: 15mins) or restart the gateway nodes to make this changes effected.

tmkasun commented 4 years ago

Hope the above comment provides the answer to your concern, Closing this issue, for now, Feel free to reopen the issue if you need further clarification.