cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5569) OAuth AbstractAuthFilter and query parameters used for signing
Date Tue, 18 Feb 2014 17:48:21 GMT

    [ https://issues.apache.org/jira/browse/CXF-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13904304#comment-13904304 ]

Sergey Beryozkin commented on CXF-5569:
---------------------------------------

Hi, can you do me a favor and explain which parameter affects the signature calculation
on the client side which is not taken into consideration on the server side, and link to
the relevant text in the OAuth1 spec?
Thanks, Sergey

> OAuth AbstractAuthFilter and query parameters used for signing
> --------------------------------------------------------------
>
>                 Key: CXF-5569
>                 URL: https://issues.apache.org/jira/browse/CXF-5569
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.10
>            Reporter: Jason Klapste
>            Priority: Minor
>
> In the AbstractAuthFilter the query (or body) parameters used for signing are only those
> included in ALLOWED_OAUTH_PARAMETERS.
> But if I'm reading the RFC correctly, it looks as though ALL parameters should be considered
> for signature generation.
> To support both backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS
> to subclasses (either directly or via getter/setters) along with a flag that can be set to
> automatically include any and all parameters?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
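
Added example, not part of the original message and not CXF code: the RFC 5849 section 3.4.1 signature base string in Python, built once over all request parameters and once over protocol parameters only, to show why a client and a server that disagree on the parameter set cannot agree on the signature. The `only_oauth` filter is an assumed stand-in for ALLOWED_OAUTH_PARAMETERS (its contents are not shown in this thread), and the secrets are constructed values.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(s, safe="-._~")

def base_string(method, url, oauth_params, body_params=(), only_oauth=False):
    parts = urlsplit(url)
    # Section 3.4.1.3.1: collect query, form-body and OAuth parameters.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += list(body_params) + list(oauth_params)
    # realm and oauth_signature never enter the base string.
    params = [(k, v) for k, v in params if k not in ("realm", "oauth_signature")]
    if only_oauth:
        # Assumed stand-in for a filter that keeps protocol parameters only.
        params = [(k, v) for k, v in params if k.startswith("oauth_")]
    # Section 3.4.1.3.2: encode, sort by name then value, join.
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # Section 3.4.1.2: lowercase scheme/host, drop default port and query.
    host = parts.hostname
    if parts.port and (parts.scheme, parts.port) not in (("http", 80), ("https", 443)):
        host += f":{parts.port}"
    base_uri = f"{parts.scheme}://{host}{parts.path or '/'}"
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def hmac_sha1(base, consumer_secret, token_secret=""):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed sample request (shape follows the RFC 5849 section 3.4.1 example).
URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
BODY = [("c2", ""), ("a3", "2 q")]
OAUTH = [("oauth_consumer_key", "9djdj82h48djs9d2"), ("oauth_token", "kkk9d7dh3k39sjv7"),
         ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "137131201"),
         ("oauth_nonce", "7d8f3e4a")]

def compare(consumer_secret="cs-constructed", token_secret="ts-constructed"):
    full = base_string("POST", URL, OAUTH, BODY)
    narrow = base_string("POST", URL, OAUTH, BODY, only_oauth=True)
    client_sig = hmac_sha1(full, consumer_secret, token_secret)
    server_sig = hmac_sha1(narrow, consumer_secret, token_secret)
    return full, narrow, hmac.compare_digest(client_sig, server_sig)

if __name__ == "__main__":
    full, narrow, match = compare()
    print(full, narrow, "signatures match:", match, sep="\n")
```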
