I noticed when I remove an API definition, the dynamic clients do not get removed from the oauth20_dynamic_client table. Is there some cleanup process to remove these, or should I request an enhancement or something so this gets addressed? It's not a huge risk, we don't delete these definitions everyday. However, if someone isn't careful I could see how maybe it could be a problem if a new definition was created later with the same id and name. I don't know, maybe I am too paranoid?
To reproduce:
- Backup published config
- Create some DCR clients
- Go on isam-db and issue the following command at the terminal:
psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
- Delete an API definition
- Go on isam-db and issue the following command at the terminal:
psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
- Determine if clients were removed for the definition you deleted
- Revert previous published config
This was noticed on v10.0.3.1 on the container version. I would expect the virtual appliance would behave the same. Thanks!
------------------------------
Matt Jenkins
------------------------------