Cannot delete OAuth Clients with javascript SDK in premium app example

markmou · April 13, 2022, 7:05am

Hi,

I am using the premium app example to test app installation and uninstallation progress. A few days ago it works well, but today when I tried to run the uninstallation progress, I got an error response when the wizard performed the OAuth client removal operation.

The first error I've got is "clients that are not inactive cannot be deleted" which is similar to this (Cannot delete OAuth Clients)

So I tried to get the OAuth client and update it with "inactive" state by OAuth API before delete, then I got this error while putOauthClient.
Client roles must not exceed the creating user

let removalOperation = oAuthApi.getOauthClient(entity.id)
.then((clientData)=>{                                            
    clientData.state = "inactive";
    return oAuthApi.putOauthClient(entity.id, clientData);
})                                        
.then((res)=>{
    return oAuthApi.deleteOauthClient(entity.id);
 })

The error message seems to be a user permission-related problem, but the OAuth client was created by my account in the installation progress, and the role has been assigned to my account.

Don't know why the original oAuthApi.deleteOauthClient() code does not work in the Premium App Example.

Thanks in advance.
Mark

Jerome.Saint-Marc · April 13, 2022, 8:57am

Hello,

Yes, it seems a change has been enforced few days ago that prevents deleting OAuth Clients that have not been inactivated first.

I will push a change on the github repository to manage this.
This will only be effective in few days - I need someone to accept the change.
EDIT 04/19: fix has been implemented and pushed to the github repository

As you are running your project locally, here is the change.
In wizard/scripts/modules/oauth-client.js, you can update the remove function with this:

function remove(logFunc) {
    logFunc('Uninstalling OAuth Clients...');

    return getExisting()
        .then((instances) => {
            let del_clients = [];

            if (instances.length > 0) {
                // Filter results before deleting
                instances.forEach(entity => {
                    entity.state = 'inactive';
                    del_clients.push(
                        oAuthApi.putOauthClient(entity.id, entity)
                            .then((inactiveEntity) => {
                                return oAuthApi.deleteOauthClient(entity.id);
                            })
                    );
                });
            }

            return Promise.all(del_clients);
        });
}

Regarding the error that you are getting: Client roles must not exceed the creating user
Your user (the one running the wizard) must have the same roles than the OAuth Client (with Client Credentials Grant Type) in order for the update to be allowed.
Given the error, there is probably one role enabled in the OAuth Client that your user doesn't have.
Or as you run the uninstall and it failed when trying to delete the OAuth Client, the wizard has probably deleted the Premium Example Role in your environment and your OAuth Client has no roles enabled (it must have one least). If it is the case, enable any role that your user also has. You can then inactivate the OAuth Client and delete it (via new wizard, via Admin UI, via Developer Tools - API Explorer).

Regards,

markmou · April 19, 2022, 5:41am

Hi Jerome, thanks for the solution, it works.

Regards,
Mark

system · May 20, 2022, 5:42am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.