cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Evgeni Kisel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4478) [OAuth1.0] RequestTokenHandler doesn't support custom input parameters
Date Mon, 26 Nov 2012 14:36:58 GMT

    [ https://issues.apache.org/jira/browse/CXF-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13503804#comment-13503804
] 

Evgeni Kisel commented on CXF-4478:
-----------------------------------

OAuth 1.0 must be used because it's more secure and have finalized signed-off documentation.

> I'd like to understand the flow better. Does it implies the use "oob" ?
It can be for oob cases and for non-oob as well.


> Please prototype the example: basically I need to see when a custom parameter is reported
back, I'm assuming it has to be done after the user has authorized the client, but the question
is, does it have to reported back as part of "oob" response, or after the client requests
the access token.

It doesn't matter which step. Each step should support customizing. Developers should be able
to add their own custom input and output parameters and handle them appropriately.

                
> [OAuth1.0] RequestTokenHandler doesn't support custom input parameters
> ----------------------------------------------------------------------
>
>                 Key: CXF-4478
>                 URL: https://issues.apache.org/jira/browse/CXF-4478
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
>
> According to the spec custom parameters can be added but currnnelty it's impossible to
use them because:
> 1. there are no hooks in the handle class to be overridden.
> 2. RequestTokenRegistration object doesn't contain a map with custom parameters.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message