Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modifying custom parameter in Endpoint Security Configurations override the client_secret #3115

Closed
akila95fernando opened this issue Sep 14, 2024 · 0 comments · Fixed by wso2/apim-apps#768
Closed

Modifying custom parameter in Endpoint Security Configurations override the client_secret #3115

akila95fernando opened this issue Sep 14, 2024 · 0 comments · Fixed by wso2/apim-apps#768
Assignees
@Oshanath
Labels
Affected/APIM-4.0.0 Resolution/Fixed Type/Bug

Comments

@akila95fernando
Copy link

Description

When updating the Endpoint Security Configurations via publisher portal , if you do not explicitly set the client secret field it gets overwritten by ******** .

Which is causing the failure by sending an invalid encoded client_secret in Authorization header when invoking the token endpoint .

Steps to Reproduce

Create an API
Enable oauth2 protection for backend endpoint in publisher
Save and deploy
Again add a custom parameter in Endpoint Security Configurations
Save and deploy
This will override the original client secret as ********

Affected Component

APIM

Version

4.0.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Oshanath Oshanath

Labels
Affected/APIM-4.0.0 Resolution/Fixed Type/Bug
Projects
None yet
Milestone
No milestone
2 participants
@akila95fernando @Oshanath