cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4432) [OAuth1.0] oob callback is not supported
Date Wed, 18 Jul 2012 23:18:35 GMT

    [ https://issues.apache.org/jira/browse/CXF-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417809#comment-13417809 ]

Sergey Beryozkin commented on CXF-4432:
---------------------------------------

Some support for 'oob' was originally available in the code contributed by Lukash, but I do
not recall now why I dropped it.

In case of 'oob' AuthorizationRequestService will return JAX-RS Response with the type set
to "text/html" and the entity to the instance of the newly introduced OOBAuthorizationResponse:

http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java

RequestDispatcherProvider will need to be used to redirect the response to JSP or other view
handler for OOBAuthorizationResponse properties to be converted to the HTML page to be presented
to the user.

The restriction: the client needs to preregister a callback URI as 'oob'.
                
> [OAuth1.0] oob callback is not supported
> ----------------------------------------
>
>                 Key: CXF-4432
>                 URL: https://issues.apache.org/jira/browse/CXF-4432
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
>             Fix For: 2.6.2, 2.7.0
>
>
> OAuth spec says:
> oauth_callback: An absolute URI back to which the server will
> redirect the resource owner when the Resource Owner
> Authorization step (Section 2.2) is completed. If
> the client is unable to receive callbacks or a
> callback URI has been established via other means,
> the parameter value MUST be set to "oob" (case
> sensitive), to indicate an out-of-band
> configuration.
> But it's not supported.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
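
The callback decision discussed in this thread (the case-sensitive "oob" value from the quoted spec text, plus the stated restriction that the client must have preregistered 'oob'), as an added example that is not CXF code and not part of the original message. The class, enum and method names are hypothetical, and the exact-match and host checks for non-oob callbacks are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; not CXF code. All names here are hypothetical.
public class OobCallbackCheck {

    enum Outcome { OUT_OF_BAND, REDIRECT, REJECT }

    // registeredCallback: what the client preregistered (a URI or the literal "oob").
    // requestedCallback: the oauth_callback value sent by the client.
    static Outcome resolve(String registeredCallback, String requestedCallback) {
        if (registeredCallback == null || requestedCallback == null) {
            return Outcome.REJECT;
        }
        // The spec value is case sensitive: "OOB" or "Oob" is not out-of-band.
        if ("oob".equals(requestedCallback)) {
            // Restriction from the comment: the client must have preregistered 'oob'.
            return "oob".equals(registeredCallback) ? Outcome.OUT_OF_BAND : Outcome.REJECT;
        }
        // Any other value has to be an absolute URI.
        URI uri;
        try {
            uri = new URI(requestedCallback);
        } catch (URISyntaxException e) {
            return Outcome.REJECT;
        }
        // Assumption: a callback without a host is not usable for a redirect.
        if (!uri.isAbsolute() || uri.getHost() == null) {
            return Outcome.REJECT;
        }
        // Assumption: the requested URI must match the preregistered one exactly.
        return requestedCallback.equals(registeredCallback) ? Outcome.REDIRECT : Outcome.REJECT;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {registered, requested}.
        String[][] cases = {
            {"oob", "oob"},
            {"oob", "OOB"},
            {"https://client.example/cb", "oob"},
            {"https://client.example/cb", "https://client.example/cb"},
            {"https://client.example/cb", "/cb"},
        };
        for (String[] c : cases) {
            System.out.printf("registered=%s requested=%s -> %s%n", c[0], c[1], resolve(c[0], c[1]));
        }
    }
}
```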

        
