cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Sargento (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5599) OAuthRequestFilter, is not compliant with RFC 6750
Date Mon, 10 Mar 2014 00:23:42 GMT

    [ https://issues.apache.org/jira/browse/CXF-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13925366#comment-13925366
] 

Antonio Sargento commented on CXF-5599:
---------------------------------------

Yes, since in RFC 6750, there are three ways to pass the token:
* Authorization Request Header Field
* Form-Encoded Body Parameter
* URI Query Parameter
The OAuthRequestFilter filter implements only the first.

> OAuthRequestFilter, is not compliant with RFC 6750
> --------------------------------------------------
>
>                 Key: CXF-5599
>                 URL: https://issues.apache.org/jira/browse/CXF-5599
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.0.0-milestone2, 2.7.10
>            Reporter: Antonio Sargento
>              Labels: oauth2
>
> The OAuth 2.0 Filter, OAuthRequestFilter, is not compliant with [RFC 6750|http://tools.ietf.org/html/rfc6750].



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message