Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauthclientauthorizations do not check the client's UID #15121

Open
enj opened this issue Jul 10, 2017 · 3 comments
Open

oauthclientauthorizations do not check the client's UID #15121

enj opened this issue Jul 10, 2017 · 3 comments
Labels
area/security component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/P2

Comments

@enj
Copy link
Contributor

enj commented Jul 10, 2017
edited
Loading

We do not honor oauthclientauthorizations whose user UID does not match. However, we do not track the client's UID so an oauthclientauthorization will match a client that has been deleted and recreated.

This would be mitigated if #15120 was fixed.
@enj enj self-assigned this Jul 10, 2017
@enj enj mentioned this issue Sep 9, 2017
Open
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 16, 2018
@enj
Copy link
Contributor Author

enj commented Feb 19, 2018

/lifecycle frozen

@openshift-ci-robot openshift-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Feb 19, 2018
@enj
Copy link
Contributor Author

enj commented Oct 16, 2019

/unassign

@stlaz @sttts @mfojtik

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/P2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@openshift-bot @pweil- @enj @openshift-ci-robot