oauth.xml gets corrupted with duplicate entires (Doc ID 2469578.1)

Last updated on MARCH 25, 2019

Applies to:

Symptoms

On : 11.1.2.3.180717

ACTUAL BEHAVIOR
---------------
Error "Invalid Consent Management Request " when getting access token

$ curl -i -H "Authorization: Basic Y2xpZW50c2VwdDI2OmNsaWVudHNlcHQyNg=="
http://<HOSTNAME>.<DOMAIN>:<PORT>/ms_oauth/oauth2/endpoints/oauthservice/tokens -d 'grant_type=client_credentials&scope=UserProfile.me'
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache, no-store, must-revalidate
Date: Fri, 28 Sep 2018 12:23:18 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
X-ORACLE-DMS-ECID:
d2e8b17fb0aeff29:1db1ab8:1661ad5c8bd:-8000-000000000001ca15
X-Powered-By: Servlet/2.5 JSP/2.1

{"error":"server_error","error_description":"oracle.security.idaas.oauth.common.provider.exception.OAuthMisconfigurationException:

Invalid ConsentManagement Request"}

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

1.  Create a new UserProfile Service with 'Protected by OAuth Service Profile' as OAuthServiceProfile. Click Create.
     This creates the first entry in the oauth.xml under 'OAuthServiceProfile'.

2. In the same tab, change 'Protected by OAuth Service Profile' to blank. Click Apply.
    Check oauth.xml again. Ideally, the entry should have been removed from 'OAuthServiceProfile', but it is still present. This is the bug.

3. Change 'Protected by OAuth Service Profile' back to OAuthServiceProfile.
    Click Apply. This adds a new entry in the oauth.xml, thus reproducing the problem.

<resourceServerInterfaceRef>CheckUP</resourceServerInterfaceRef>
<resourceServerInterfaceRef>CheckUP</resourceServerInterfaceRef>

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.