IBM Verify

Dynamic clients are not removed when API definition is removed - Should this be the case?

    Posted Thu May 19, 2022 05:21 PM
    I noticed when I remove an API definition, the dynamic clients do not get removed from the oauth20_dynamic_client table.  Is there some cleanup process to remove these, or should I request an enhancement or something so this gets addressed?  It's not a huge risk, we don't delete these definitions every day.  However, if someone isn't careful I could see how maybe it could be a problem if a new definition was created later with the same id and name.  I don't know, maybe I am too paranoid?

    To reproduce:
    1. Back up published config
    2. Create some DCR clients
    3. Go on isam-db and issue the following command at the terminal:
      psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
    4. Delete an API definition
    5. Go on isam-db and issue the following command at the terminal:
      psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
    6. Determine if clients were removed for the definition you deleted
    7. Revert previous published config
    This was noticed on v10.0.3.1 on the container version.  I would expect the virtual appliance would behave the same.  Thanks!

    ------------------------------
    Matt Jenkins
    ------------------------------
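
The check in step 6 can be run across every definition at once. The script below is an added example, not part of the original post and not IBM code: it reads the query output in psql's unaligned format and flags clients whose definition_id is not in a list of definitions that still exist. The list file, the function names and the sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag rows in oauth20_dynamic_client whose API definition is gone.
# Rows on stdin are expected as definition_id|definition_name|client_id, e.g. from:
#   psql isamdb -At -F '|' -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
# $1 is a file with one still-existing definition_id per line. How that list is
# produced is an assumption of this example (an administrator-maintained export).

find_orphaned_clients() {
    # Refuse to run without the list: otherwise every client would look orphaned.
    [ -r "$1" ] || { echo "cannot read active definition list: $1" >&2; return 2; }
    awk -F'|' -v list="$1" '
        BEGIN { while ((getline id < list) > 0) if (id != "") active[id] = 1 }
        NF >= 3 && !($1 in active)   # print rows whose definition_id is unknown
    '
}

count_orphans_by_definition() {
    # Output: definition_id|definition_name|number_of_leftover_clients
    find_orphaned_clients "$1" | awk -F'|' '
        { n[$1 "|" $2]++ }
        END { for (k in n) print k "|" n[k] }
    ' | sort
}

demo() {
    # Constructed sample data, not taken from a real system.
    active=$(mktemp) || return 1
    printf '%s\n' 'def-1' 'def-3' > "$active"
    printf '%s\n' \
        'def-1|MobileAPI|client-a' \
        'def-2|PartnerAPI|client-b' \
        'def-2|PartnerAPI|client-c' \
        'def-3|PortalAPI|client-d' |
        count_orphans_by_definition "$active"
    rm -f "$active"
}

demo
```

Any row it reports is a client registration that would still be present if a definition with the same id and name were created later, which is the situation the post is concerned about.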