cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-4883) OAuth2 RedirectionBasedService needs to do only a strict comparison of redirect URI
Date Thu, 07 Mar 2013 13:42:12 GMT

     [ https://issues.apache.org/jira/browse/CXF-4883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergey Beryozkin resolved CXF-4883.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.6.7
                   2.7.4
                   2.8.0
    
> OAuth2 RedirectionBasedService needs to do only a strict comparison of redirect URI
> -----------------------------------------------------------------------------------
>
>                 Key: CXF-4883
>                 URL: https://issues.apache.org/jira/browse/CXF-4883
>             Project: CXF
>          Issue Type: Task
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 2.8.0, 2.7.4, 2.6.7
>
>
> At the moment, RedirectionBasedService (authorization & implicit flows) will use
the client application URI if other registered redirect URIs do not match the current redirect
URI.
> For example, if the client application URI is "https://photos.com", and the current redirectUri
is "https://photos.com/1?a=2" then the check will pass as "https://photos.com/1?a=2" starts
from "https://photos.com".
> OAuth2 experts have strongly recommended recently to use the strict comparison only,
which is what this service will do from now on

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message