cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5764) AccessTokenService should allow the client authentication with a client id only
Date Fri, 23 May 2014 15:45:02 GMT
Sergey Beryozkin created CXF-5764:
-------------------------------------

             Summary: AccessTokenService should allow the client authentication with a client
id only
                 Key: CXF-5764
                 URL: https://issues.apache.org/jira/browse/CXF-5764
             Project: CXF
          Issue Type: Improvement
          Components: JAX-RS Security
            Reporter: Sergey Beryozkin
            Priority: Minor


In some cases we may have a client_id parameter available, but no client_secret, the latter
may be encrypted in client_id or some other parameter such as an assertion may securely identify
a client.
At the moment if AccessTokenService sees a client_id parameter it will enforce the presence
of client_secret for the confidential clients which may block the valid clients.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message