Restricted attributes returned by GET api/{realm}/asset/user/current

Hi,

I have the following issue I would like to report. I was going to report it on github but there I read ARE YOU A DEVELOPER? NO? THEN DO NOT FILE ISSUES - REQUEST SUPPORT HERE INSTEAD. and decided to report it here.

Describe the bug
Attributes without “access restricted read/write” set to true (i.e., restricted attributes) returned by GET api/{realm}/asset/user/current.

To Reproduce
Steps to reproduce the behavior:

  1. Create an asset (can be on the master realm).
  2. Create a service user.
  3. Enable “restricted user”, enable “read/write” (all) and link the asset above.
  4. GET api/{realm}/asset/user/current (using the client id/secret of the service user above).
  5. Attributes without “access restricted read/write” set to true (i.e., restricted attributes) returned.

Expected behavior
Attributes without “access restricted read/write” set to true (i.e., restricted attributes) are not be returned. This is the behavior of the assets page.

Best regards,
Adriano Carvalho

1 Like

Hi @adrianocarvalhodtx

Thanks for taking the time to let us know about this. I will put it on our backlog with high priority as your expected behaviour is correct.

Rich