When creating Applications there's missing the sensitive part returned by the API. #1127
Description
Summary
The first time one creates an application, both from the WUI or through the API, it has a only-one-time response that includes the sensitive information related to the new application, as for example:
{
"id": 2,
"url": "[/api/gateway/v1/applications/2/](https://aap25.iam.lab/api/gateway/v1/applications/2/)",
"related": {
"access_tokens": "[/api/gateway/v1/applications/2/tokens/](https://aap25.iam.lab/api/gateway/v1/applications/2/tokens/)",
"activity_stream": "[/api/gateway/v1/activitystream/?content_type=36&object_id=2](https://aap25.iam.lab/api/gateway/v1/activitystream/?content_type=36&object_id=2)",
"created_by": "[/api/gateway/v1/users/2/](https://aap25.iam.lab/api/gateway/v1/users/2/)",
"modified_by": "[/api/gateway/v1/users/2/](https://aap25.iam.lab/api/gateway/v1/users/2/)",
"organization": "[/api/gateway/v1/organizations/2/](https://aap25.iam.lab/api/gateway/v1/organizations/2/)"
},
"summary_fields": {
"modified_by": {
"id": 2,
"username": "admin",
"first_name": "",
"last_name": ""
},
"created_by": {
"id": 2,
"username": "admin",
"first_name": "",
"last_name": ""
},
"organization": {
"id": 2,
"name": "Systems Engineering"
},
"tokens": {
"count": 0,
"results": []
}
},
"created": "2025-06-17T12:24:10.511806Z",
"created_by": 2,
"modified": "2025-06-17T12:24:10.511777Z",
"modified_by": 2,
"name": "test_gateway_application",
"client_id": "8eK4AHhevMnqWnLBdb2U3SGyRPd5n052RyK8Gjey",
"redirect_uris": "https://test_url/",
"post_logout_redirect_uris": "",
"algorithm": "",
"user": null,
"description": "",
"organization": 2,
"app_url": "",
"client_secret": "ePgxwNgLJ28WNFEhuMELZ1lA0qrf4vT57Bb3ZyZauitSLLxREUJGhYWfkmfLG1cO9jmusTlcFBIoKcqKWiyXPmbVjmuS7v1BlGhsI7K79RcX9zIrQK8cMyu1WOPWJndB",
"client_type": "confidential",
"skip_authorization": false,
"authorization_grant_type": "authorization-code"
}In the output above, the field client_secret contains the secret needed to use the Application.
Without this information, the newly created application is completely useless, as no one knows it's sensitive information.
Issue Type
- Bug Report
Ansible, Collection, Controller details
Applies to all versions for this collection.
- ansible installation method: one of source, pip, OS package, EE
OS / ENVIRONMENT
N/A
Desired Behavior
infra.aap_configuration.controller_applications and infra.aap_configuration.gateway_applications roles should return the sensitive data from the API and show them to the executer so it can be consumed.
Actual Behavior
See description above.
STEPS TO REPRODUCE
See description above.