v7.2.14
v7.2.14
-
Add the un-authenticated API method
/api/authproxy/v1/noauth/fetchClientCredsTokento effectively proxy for the IDP's token endpoint to obtain an access token using the client credentials flow. The request contains the client credentials and looks like{ "clientId": "a-client", "clientSecret": "BR9m.....KNQO" }. The response media type istext/plainand contains the access token. -
Change processing user token expiry time from 1year to 10min when using internal identity provider.
-
Remove the CLI command
fetch_proc_user_tokenas it is now replaced by the/authproxy/v1/noauthAPI method. -
Fix issues with the refreshing of expired authentication tokens. Change the age of the service user token from 1yr to 10mins for the internal IDP.
-
Issue #3947 : Fix owner validation of document permissions when cascading permissions. Now the validation requiring a single owner is only applied to the top level document being edited. Descendant documents may have no owners or multiple owners due to legacy behaviour in stroom. If there is no change to the owner of the top level document then the descendant owners will be ignored. If Cascade is set to All or there is a change to the owner of the top level document and Cascade is set to Changes Only then the top level owner will be made the only owner of all descendants replacing any existing owners. This change also adds a confirmation dialog that shows what changes will be made to descendant documents. See the GitHub issue for examples.