cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6288) OAuth2: Hook to Pre-process or post process the scopes to have more control over Authorization
Date Wed, 11 Mar 2015 16:02:38 GMT

    [ https://issues.apache.org/jira/browse/CXF-6288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357093#comment-14357093 ]

Sergey Beryozkin commented on CXF-6288:
---------------------------------------

So it is the authorization code flow, the client, when redirecting the end user, requests
"a b c", the end user logs in to the OAuth2 server, and is asked to approve the client requesting
scopes 'a b c', the end user says yes, so by default 'a b c' is approved; however, if this
end user does not have a specific role allowing for this user to approve all the scopes then
this approval should be invalidated or the list of scopes such as "a b c" is limited to say
"a b" only?



> OAuth2: Hook to Pre-process or post process the scopes to have more control over Authorization
> ----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6288
>                 URL: https://issues.apache.org/jira/browse/CXF-6288
>             Project: CXF
>          Issue Type: New Feature
>          Components: JAX-RS Security
>            Reporter: pavan
>            Priority: Critical
>
> We have a requirement to grant scopes to the end user based on user roles. With
> the current CXF implementation we can't implement such a requirement. It will be possible if
> CXF provides us with a hook which will enable the developers to process the scopes and return
> the resultant scopes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
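
The two outcomes raised in the comment above (invalidate the approval, or limit "a b c" to "a b"), as an added Java example that is not CXF code and not part of the original thread. The class name, the role names and the role-to-scope mapping are constructed assumptions.

```java
import java.util.*;

// Added illustration; not CXF code. All names here are hypothetical.
public class RoleScopeFilter {
    enum Mode { NARROW, REJECT }

    // Constructed sample policy: which scopes each role may approve.
    static final Map<String, Set<String>> ROLE_SCOPES = Map.of(
        "user",  Set.of("a", "b"),
        "admin", Set.of("a", "b", "c"));

    /** Returns the scopes to grant; throws when the approval cannot stand. */
    static List<String> filter(String requested, Set<String> roles, Mode mode) {
        // Union of the scopes permitted by every role the end user holds.
        Set<String> allowed = new HashSet<>();
        for (String role : roles) {
            allowed.addAll(ROLE_SCOPES.getOrDefault(role, Set.of()));
        }
        // Scope strings are space-delimited (RFC 6749, section 3.3).
        // Keep the request order and drop duplicates.
        Set<String> granted = new LinkedHashSet<>();
        List<String> denied = new ArrayList<>();
        for (String scope : requested.trim().split("\\s+")) {
            if (scope.isEmpty()) continue;
            if (allowed.contains(scope)) granted.add(scope); else denied.add(scope);
        }
        // REJECT: any scope outside the user's roles invalidates the approval.
        if (!denied.isEmpty() && mode == Mode.REJECT) {
            throw new SecurityException("approval invalidated, not permitted: " + denied);
        }
        // NARROW: fail closed rather than issue a grant with no scopes at all.
        if (granted.isEmpty()) {
            throw new SecurityException("no requested scope is permitted");
        }
        return List.copyOf(granted);
    }

    public static void main(String[] args) {
        System.out.println(filter("a b c", Set.of("user"), Mode.NARROW));
        System.out.println(filter("a b c", Set.of("admin"), Mode.NARROW));
        try {
            filter("a b c", Set.of("user"), Mode.REJECT);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When scopes are narrowed, the scope list returned to the client should reflect what was actually granted, since RFC 6749 requires the token response to include `scope` when it differs from what the client requested.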
