Content
View differences
Updated by Pavel Balashou 11 months ago
###
### Steps to reproduce
1. Login as an admin.
2. Go to the ScimCleint creation form.
3. Choose "Static access token".
4. Click on create.
5. You see downcased hash value like: `3804c29949ed1d14eb70bd0056b31b6cb146cc72a5f3b55bca8146887f606228`
UPD: the same problem is actual for ScimClient with OAuth credentials (`client_secret` filed)
### What is the buggy behavior?
* Not original plaintext token is presented to the admin for copying.
* ScimClient fails to authenticate in OP SCIM Server API due to the wrong value presented to the admin.
### What is the expected behavior?
1. Access token and OAuth client secret must be presented in plain text format, not hashed. Usually it looks like: `FVz-fQlyY9IwvL-NkfEm8KD6z9qUGbvSIOi_nwJuDEU` (there are upcase, downcase and special chars used)
2. Presented access token is accepted by SCIM API.
###
1. Login as an admin.
2. Go to the ScimCleint creation form.
3. Choose "Static access token".
4. Click on create.
5. You see downcased hash value like: `3804c29949ed1d14eb70bd0056b31b6cb146cc72a5f3b55bca8146887f606228`
UPD: the same problem is actual for ScimClient with OAuth credentials (`client_secret` filed)
### What is the buggy behavior?
* Not original plaintext token is presented to the admin for copying.
* ScimClient fails to authenticate in OP SCIM Server API due to the wrong value presented to the admin.
### What is the expected behavior?
1. Access token and OAuth client secret must be presented in plain text format, not hashed. Usually it looks like: `FVz-fQlyY9IwvL-NkfEm8KD6z9qUGbvSIOi_nwJuDEU` (there are upcase, downcase and special chars used)
2. Presented access token is accepted by SCIM API.