IBM Security Verify

Dynamic clients are not removed when API definition is removed - Should this be the case?

    InnerCircle
    Posted Thu May 19, 2022 05:21 PM
    I noticed when I remove an API definition, the dynamic clients do not get removed from the oauth20_dynamic_client table. Is there some cleanup process to remove these, or should I request an enhancement or something so this gets addressed? It's not a huge risk, we don't delete these definitions every day. However, if someone isn't careful I could see how maybe it could be a problem if a new definition was created later with the same id and name. I don't know, maybe I am too paranoid?

    To reproduce:
    1. Back up published config
    2. Create some DCR clients
    3. Go on isam-db and issue the following command at the terminal:
      psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
    4. Delete an API definition
    5. Go on isam-db and issue the following command at the terminal:
      psql isamdb -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client'
    6. Determine if clients were removed for the definition you deleted
    7. Revert previous published config
    This was noticed on v10.0.3.1 on the container version.  I would expect the virtual appliance would behave the same.  Thanks!

    ------------------------------
    Matt Jenkins
    ------------------------------
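
The before/after comparison in the reproduction steps above can be scripted. This is an added example, not part of the original post and not IBM code: it assumes each snapshot was saved from the post's query in psql's unaligned, tuples-only form (`-At -F '|'`), and the definition ids, names and client ids in the sample data are constructed.

```shell
#!/bin/sh
# Snapshot command (query taken from the post; -At -F '|' gives one row per line):
#   psql isamdb -At -F '|' -c 'select definition_id, definition_name, client_id from oauth20_dynamic_client' > before.txt
# Run it again after deleting the API definition to produce after.txt.

# stale_clients BEFORE AFTER DEFINITION_ID
# Prints the client_ids that belonged to DEFINITION_ID in BEFORE and are
# still registered under it in AFTER, i.e. survived the definition's deletion.
stale_clients() {
    awk -F'|' -v def="$3" '
        # Force string comparison so ids such as "1" and "01" stay distinct.
        FILENAME == ARGV[1] { if (($1 "") == (def "")) owned[$3] = 1; next }
        (($1 "") == (def "")) && ($3 in owned) { print $3 }
    ' "$1" "$2"
}

# cleanup_ok BEFORE AFTER DEFINITION_ID
# Returns 0 when no client of the deleted definition remains, 1 otherwise.
cleanup_ok() {
    left=$(stale_clients "$1" "$2" "$3")
    if [ -z "$left" ]; then
        return 0
    fi
    echo "definition $3 deleted, but these dynamic clients remain:"
    echo "$left"
    return 1
}

# Constructed sample snapshots (not real data): definition 1 was deleted,
# yet the table is unchanged, which is the behaviour the post reports.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/before.txt" <<'EOF'
1|payments-api|client-aaa
1|payments-api|client-bbb
2|reports-api|client-ccc
EOF
cp "$SAMPLE_DIR/before.txt" "$SAMPLE_DIR/after.txt"

cleanup_ok "$SAMPLE_DIR/before.txt" "$SAMPLE_DIR/after.txt" 1 || true
```

A non-zero result from `cleanup_ok` means a definition created later with the same id would find those client registrations already in place.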