cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-4431) Add support for OAuth2 'mac' token type
Date Wed, 18 Jul 2012 14:23:34 GMT


Sergey Beryozkin commented on CXF-4431:

It's a good quality patch, thanks, will try to merge it before CXF 2.6.2 is out.

I've been curious if the MAC spec would conflict with

but it appears the HOTK proposal explicitly mentions MAC as one of the symmetric key profiles,
so that should be OK

> Add support for OAuth2 'mac' token type
> ---------------------------------------
>                 Key: CXF-4431
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Sasi M
>             Fix For: 2.7.0
>         Attachments: mac_token_nonce_checking.txt, mac_token_support.txt
> CXF currently supports only the Bearer token type. This token type is not feasible for
use without SSL.
> OAuth2 specs out the 'mac' token type that requires request signing for authentication
using the access token. The spec is described here:

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message