cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#decryptStateString decoded?
Date Fri, 13 Jan 2017 18:11:16 GMT
In the mentionned method we have:

stateString = JwsUtils.verify(jws, stateString).getUnsignedEncodedSequence();


should we get:

stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload();


?

Otherwise i don't see how the round trip can work

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message