controller_configuration icon indicating copy to clipboard operation
controller_configuration copied to clipboard

Published 20 hours ago verified publisher icon redhat-cop

When creating Applications there's missing the sensitive part returned by the API.

Open ivarmu opened this issue 5 months ago • 2 comments

Summary

The first time one creates an application, both from the WUI or through the API, it has a only-one-time response that includes the sensitive information related to the new application, as for example:

{
    "id": 2,
    "url": "[/api/gateway/v1/applications/2/](https://aap25.iam.lab/api/gateway/v1/applications/2/)",
    "related": {
        "access_tokens": "[/api/gateway/v1/applications/2/tokens/](https://aap25.iam.lab/api/gateway/v1/applications/2/tokens/)",
        "activity_stream": "[/api/gateway/v1/activitystream/?content_type=36&object_id=2](https://aap25.iam.lab/api/gateway/v1/activitystream/?content_type=36&object_id=2)",
        "created_by": "[/api/gateway/v1/users/2/](https://aap25.iam.lab/api/gateway/v1/users/2/)",
        "modified_by": "[/api/gateway/v1/users/2/](https://aap25.iam.lab/api/gateway/v1/users/2/)",
        "organization": "[/api/gateway/v1/organizations/2/](https://aap25.iam.lab/api/gateway/v1/organizations/2/)"
    },
    "summary_fields": {
        "modified_by": {
            "id": 2,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        },
        "created_by": {
            "id": 2,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        },
        "organization": {
            "id": 2,
            "name": "Systems Engineering"
        },
        "tokens": {
            "count": 0,
            "results": []
        }
    },
    "created": "2025-06-17T12:24:10.511806Z",
    "created_by": 2,
    "modified": "2025-06-17T12:24:10.511777Z",
    "modified_by": 2,
    "name": "test_gateway_application",
    "client_id": "8eK4AHhevMnqWnLBdb2U3SGyRPd5n052RyK8Gjey",
    "redirect_uris": "https://test_url/",
    "post_logout_redirect_uris": "",
    "algorithm": "",
    "user": null,
    "description": "",
    "organization": 2,
    "app_url": "",
    "client_secret": "ePgxwNgLJ28WNFEhuMELZ1lA0qrf4vT57Bb3ZyZauitSLLxREUJGhYWfkmfLG1cO9jmusTlcFBIoKcqKWiyXPmbVjmuS7v1BlGhsI7K79RcX9zIrQK8cMyu1WOPWJndB",
    "client_type": "confidential",
    "skip_authorization": false,
    "authorization_grant_type": "authorization-code"
}

In the output above, the field client_secret contains the secret needed to use the Application. Without this information, the newly created application is completely useless, as no one knows it's sensitive information.

Issue Type

  • Bug Report

Ansible, Collection, Controller details

Applies to all versions for this collection.

  • ansible installation method: one of source, pip, OS package, EE

OS / ENVIRONMENT

N/A

Desired Behavior

infra.aap_configuration.controller_applications and infra.aap_configuration.gateway_applications roles should return the sensitive data from the API and show them to the executer so it can be consumed.

Actual Behavior

See description above.

STEPS TO REPRODUCE

See description above.

ivarmu avatar Jun 17 '25 12:06 ivarmu