cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-6304) AuthorizationCodeGrantHandler sets the approved scopes as the requested ones
Date Wed, 18 Mar 2015 16:08:38 GMT

     [ https://issues.apache.org/jira/browse/CXF-6304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-6304.
-----------------------------------
    Resolution: Fixed

> AuthorizationCodeGrantHandler sets the approved scopes as the requested ones
> ----------------------------------------------------------------------------
>
>                 Key: CXF-6304
>                 URL: https://issues.apache.org/jira/browse/CXF-6304
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 3.1.0, 3.0.5
>
>
> The code grant handler sets the approved scopes as requested scopes and leaves the approved
> scopes empty - this works because the docs imply that if the approved scopes are empty it
> means the user has not downscoped. However, this makes AccessTokenRegistration.getApprovedScopes
> useless in case of the authorization code flow. It needs to be improved/fixed to make it cleaner.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
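
The distinction the issue describes, as an added example that is not part of the original message and not CXF code: a simplified Java model (all class, field and method names are hypothetical) showing that both ways of filling the registration yield the same token scopes, while only the one that keeps the two lists separate lets a consumer see what the user declined. The `separated` variant is an assumption about what a cleaner handler would record, not the committed fix.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model for illustration; these are hypothetical types, not CXF classes.
public class ApprovedScopeDemo {

    static final class Registration {
        List<String> requestedScopes = List.of();
        List<String> approvedScopes = List.of();
    }

    // Behaviour described in the issue: the scopes the user approved are stored
    // as the requested scopes and the approved list is left empty.
    static Registration asDescribed(List<String> clientRequested, List<String> userApproved) {
        Registration reg = new Registration();
        reg.requestedScopes = List.copyOf(userApproved); // clientRequested is dropped here
        return reg;
    }

    // Assumed cleaner variant: each field holds what its name says.
    static Registration separated(List<String> clientRequested, List<String> userApproved) {
        if (!clientRequested.containsAll(userApproved)) {
            throw new IllegalArgumentException("approved scope was never requested");
        }
        Registration reg = new Registration();
        reg.requestedScopes = List.copyOf(clientRequested);
        reg.approvedScopes = List.copyOf(userApproved);
        return reg;
    }

    // Rule from the issue text: an empty approved list means no down-scoping.
    static List<String> effectiveScopes(Registration reg) {
        return reg.approvedScopes.isEmpty() ? reg.requestedScopes : reg.approvedScopes;
    }

    // What a data provider or audit log can recover about the user's decision.
    static List<String> declinedScopes(Registration reg) {
        List<String> declined = new ArrayList<>(reg.requestedScopes);
        declined.removeAll(effectiveScopes(reg));
        return declined;
    }

    public static void main(String[] args) {
        List<String> requested = List.of("read", "write", "delete"); // constructed sample
        List<String> approved = List.of("read");                     // constructed sample
        for (Registration reg : List.of(asDescribed(requested, approved), separated(requested, approved))) {
            System.out.println("token scopes=" + effectiveScopes(reg)
                    + " approved=" + reg.approvedScopes + " declined=" + declinedScopes(reg));
        }
    }
}
```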
