Return-Path: <dev-return-17162-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id B1129200BF8
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 13 Jan 2017 19:11:48 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id AE028160B3F; Fri, 13 Jan 2017 18:11:48 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 0440B160B2E
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 13 Jan 2017 19:11:47 +0100 (CET)
Received: (qmail 23482 invoked by uid 500); 13 Jan 2017 18:11:47 -0000
Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cxf.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cxf.apache.org>
List-Post: <mailto:dev@cxf.apache.org>
List-Id: <dev.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list dev@cxf.apache.org
Received: (qmail 23470 invoked by uid 99); 13 Jan 2017 18:11:46 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jan 2017 18:11:46 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 66A3AC0198
	for <dev@cxf.apache.org>; Fri, 13 Jan 2017 18:11:46 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.379
X-Spam-Level: **
X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001]
	autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id zQQyXXshlpJf for <dev@cxf.apache.org>;
	Fri, 13 Jan 2017 18:11:44 +0000 (UTC)
Received: from mail-wm0-f53.google.com (mail-wm0-f53.google.com [74.125.82.53])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 9CD405F2EF
	for <dev@cxf.apache.org>; Fri, 13 Jan 2017 18:11:43 +0000 (UTC)
Received: by mail-wm0-f53.google.com with SMTP id n129so13855828wmn.0
        for <dev@cxf.apache.org>; Fri, 13 Jan 2017 10:11:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=nfGffzibq+9pTaBOimnc1KoRebscX4zmiePenY0B35k=;
        b=Qx0v/4PhmDiWfkmgDb7EPOeFdokHBD4N/gahxiMhCwqS4kmsz7tXBQwO3kyu/Blank
         9WErhm/KYNSLHYNo5oeHX4oB+pOk6ANjpkMp5ymmXqK4EbllDujk3YQio0nf3IeW97P/
         8gBKEGXVXDNwWs5TJIVy7v4PzLHDb6O2YZ5BOBjRJ2oNTXZ15C8zby1Y1DCx2GFVr03J
         wOwH4u13BB4xUUic1ZW7o+w0SRxGncC8Gg/SOy8D/mEkJHYy3dcO6SCh3d8hEOBR3RJc
         Kffo5h80NTl6XarK4Uj1tmnFRgZEKOwS3CIqDvJX+Bk6Xsiszy8mQKU7F5SmNxlV84ay
         bgTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=nfGffzibq+9pTaBOimnc1KoRebscX4zmiePenY0B35k=;
        b=Cp9Of1f2bfPmcaqz+Ro7Ywh8AQiw6nRNW4tVgFkgZkba9L89nCzUDsU/VYpazt0Ay7
         8GRGjBOVVj3vWMc2KqTaw0wgt01YbmpipXL6G3j1gWWIK4lSPOuWO1nVIhrfkM/f+ma5
         nvJQWRs3bDiypqrTBb7NERUfoAIHCxNB8b2YqYdphlwkfw20jXQPu3krYxz2thzgj0x8
         IJmNsrse/x9cWfOGo3+WdvdlI08hA08LArWvTcPtqbtwtE4i8tZRwYcA6n/JbYECE9iw
         gh79Mjriffz9EaN3r4jGF/08tyuh6NDdk5KUq8mQ9IuGxWs9KomhYXvHGh3zlCqEz5x7
         Xq0A==
X-Gm-Message-State: AIkVDXI85mmAJYl6XF+FAxIK8zp/6FOAaGx6UUfFqGwvVdjn0hd3gGGnJWDumyRzSXWh/b9lFrQycvlwcbex0Q==
X-Received: by 10.223.164.73 with SMTP id e9mr12882585wra.71.1484331097154;
 Fri, 13 Jan 2017 10:11:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.122.69 with HTTP; Fri, 13 Jan 2017 10:11:16 -0800 (PST)
From: Romain Manni-Bucau <rmannibucau@gmail.com>
Date: Fri, 13 Jan 2017 19:11:16 +0100
Message-ID: <CACLE=7MsqTVL-1O9UX=vpWs6JAXNBvsC2+YHM0TFr2yD4xRNjw@mail.gmail.com>
Subject: org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#decryptStateString
 decoded?
To: "dev@cxf.apache.org" <dev@cxf.apache.org>
Content-Type: multipart/alternative; boundary=f403045f1edcc668390545fdc386
archived-at: Fri, 13 Jan 2017 18:11:48 -0000

--f403045f1edcc668390545fdc386
Content-Type: text/plain; charset=UTF-8

In the mentionned method we have:

stateString = JwsUtils.verify(jws, stateString).getUnsignedEncodedSequence();


should we get:

stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload();


?

Otherwise i don't see how the round trip can work

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

--f403045f1edcc668390545fdc386--