Regenerate credential displays error when authorization scope is changed from Kong API Key with ACL flow to Client Credentials

[nirajCITZ]

Step 1: Sign in as Janis Step 2 : Select the environment of the product that has Kong API Key with ACL flow and access request is approved for the environment Step 3: Change the authorization scope from Kong API Key with ACL to Client Credential flow Step 4: Upload the plugin to Kong Step 5: Sign in as Harley Step 6: Navigate to my Access page Step 7: Select the Product and the environment whose Authorization scope has been updated Step 8: Click on Regenerate Credential button

Actual Result : Regenerate credential displays error when authorization scope is changed from Kong API Key with ACL flow to Client Credentials

Expected Result : 1)Regenerate credential should display correct client ID and Secret credential when authorization scope is changed from Kong API Key with ACL flow to Client Credentials 2)Service should be accessible with new credential

APS-log: apsportal | debug: [keystone.svc-access] Query [lookupCredentialReferenceByServiceAccess] result {"data":{"allServiceAccesses":[{"id":"8","consumerType":"client","productEnvironment":{"id":"3","name":"test","additionalDetailsToRequest":"This is a automation testEditing dev environment","flow":"client-credentials","credentialIssuer":{"id":"6","clientAuthenticator":"client-secret"}},"application":{"name":"For Test Env","owner":{"name":"Harley Jones","username":"harley","email":"[email protected]"}},"consumer":{"id":"8","username":"CD299A7D-943A0515ACD","customId":"CD299A7D-943A0515ACD","extForeignKey":"315beb33-fe33-4fc7-b153-b691eb9c39ae"},"credentialReference":"{"keyAuthPK":"abcdfd64-fa6f-48da-8116-2742100cde40","clientId":"CD299A7D-943A0515ACD"}"}]}} apsportal | debug: [keystone.prod-env] [lookupEnvironmentAndIssuerUsingWhereClause] WHERE {"id":"3"} apsportal | error: [general] GraphQL Error: Client ID not found CD299A7D-943A0515ACD apsportal | apsportal | GraphQL request:3:5 apsportal | 2 | mutation genCredential($id: ID!) { apsportal | 3 | regenerateCredentials(id: $id) { apsportal | | ^ apsportal | 4 | credential apsportal | {"level":50,"time":1670305164172,"pid":23,"hostname":"14e00e3feffa","name":"graphql","message":"Client ID not found CD299A7D-943A0515ACD","locations":[{"line":3,"column":5}],"path":["regenerateCredentials"],"uid":"clbbskh3300040nrugps3hy5b","name":"GraphQLError","generatedMessage":false,"code":"ERR_ASSERTION","actual":0,"expected":1,"operator":"strictEqual","stack":"KeycloakClientService. (dist/services/keycloak/client-service.js:56:29)\nGenerator.next ()\nfulfilled (dist/services/keycloak/client-service.js:5:58)\n"} apsportal | warn: [general] Removing exception details from error response apsportal | {"level":30,"time":1670305164175,"pid":23,"hostname":"14e00e3feffa","req":{"id":4440,"method":"POST","url":"/gql/api","headers":{"host":"oauth2proxy.localtest.me:4180","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Edg/108.0.1462.41","content-length":"143","accept":"application/json","accept-encoding":"gzip, deflate","accept-language":"en-CA,en-US;q=0.9,en;q=0.8","content-type":"application/json","cookie":"keystone.sid=s%3A7ZEkJTB2V5sO43zxPJCyAKogGse_QTgW.xNkppBzPiiiw1jQQt6B%2BHJ8NhWfxN4r642undNDu1GU; _oauth2_proxy=X29hdXRoMl9wcm94eS0yOTE3NDJjODg4YzI3M2RlODUzMDMzNDliMDc0ZTU1Yy5HTVNBVlpyYWUxYXp0RmMwR0xSa3N3|1670305104|lJhofRY7N0SrZfOS3VAzxM4bp2AjLXR4P-rx1wS8lCM=","origin":"http://oauth2proxy.localtest.me:4180","referer":"http://oauth2proxy.localtest.me:4180/devportal/access","x-forwarded-access-token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4bWxJbUplOXhxUFphMlNEYVlGMTBLWjJjUUhKQ2t0OEN1TjhNYjd5YkhVIn0.eyJleHAiOjE2NzAzMDU0MDQsImlhdCI6MTY3MDMwNTEwNCwiYXV0aF90aW1lIjoxNjcwMzA0Mjg4LCJqdGkiOiI5MTI2MWZhMy04MjI4LTQwMzctOTkxMi1lNThmZjE0NzM5M2UiLCJpc3MiOiJodHRwOi8va2V5Y2xvYWsubG9jYWx0ZXN0Lm1lOjkwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiZjYyOTZjYjAtYTdjNC00NWZjLTg4ZmYtYzFkYTc5M2ZmOTgxIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXBzLXBvcnRhbCIsInNlc3Npb25fc3RhdGUiOiI1Y2NlN2E1MS05ODczLTQ0NWEtOTA5Zi0yZTE2NjkzM2M3ZmUiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIioiXSwic2NvcGUiOiJvcGVuaWQgTmFtZXNwYWNlLkFkbWluIGVtYWlsIHByb2ZpbGUgTmFtZXNwYWNlLkNyZWF0ZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6IkhhcmxleSBKb25lcyIsInByZWZlcnJlZF91c2VybmFtZSI6ImhhcmxleSIsImdpdmVuX25hbWUiOiJIYXJsZXkiLCJmYW1pbHlfbmFtZSI6IkpvbmVzIiwiZW1haWwiOiJoYXJsZXlAdGVzdC5jb20ifQ.CQg77cTlZsRyzbxf3YPNqklWfc7_vhzFQXDPkCrFYCcexYsmmk5_rD37yH0tqW7J3D5roc3dtdak9AJFss_Rz4k_MIhTkofLStFPUNS27nwRvhH22dhsY63Nu0pnLVJPVck3u155Z2KiJkthT4DEBDlxiQoHemnr9U25Vg-kqTquH8bZDJK37EoKUHiJ1uli9d_OjJo_xHmx80ITg8UN-ooT_QTVsN3bdQ8hDd5tAwc2BUWo9atIvkgoh9vT3q6zPqfB70kqpRW_mnD72UBGst8-GH7w5U4EfyP6VgZXqgQ8N1611uPjdBfX8tNyh45T1qVAJZ1TwCCezqzCyYp7dg","x-forwarded-email":"[email protected]","x-forwarded-for":"172.22.0.1","x-forwarded-preferred-username":"harley","x-forwarded-user":"f6296cb0-a7c4-45fc-88ff-c1da793ff981"},"remoteAddress":"::ffff:172.22.0.6","remotePort":40036},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","x-keystone-app-version":"1.0.0","access-control-allow-origin":"http://oauth2proxy.localtest.me:4180","vary":"Origin","access-control-allow-credentials":"true","content-type":"application/json; charset=utf-8","content-length":"277","etag":"W/"115-g17engUQYzKbEG7TFBpkOBPreD0""}},"responseTime":757,"msg":"request completed"} oauth2-proxy | 172.22.0.1:61574 - 250f0123-e0f6-4cb4-9b50-6675e748aea9 - [email protected] [2022/12/06 05:39:23] oauth2proxy.localtest.me:4180 POST / "/gql/api" HTTP/1.1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Edg/108.0.1462.41" 200 277 0.832

[ikethecoder]

Although this is an error, it is a very boundary case, so I am going to label as wontfix but if we have free cycles we could look at later.