oltu-dev mailing list archives

From Antonio Sanso <asa...@adobe.com>
Subject Amber's implementation goals/policy
Date Fri, 09 Dec 2011 10:06:57 GMT
Hi *,

I have a question/doubt about a Jira ticket I issued yesterday [0], and I hope this
list might help me to address it correctly.
Now, as you can see from [0], it is about parts of the specification like:

        REQUIRED if the "state" parameter was present in the client
        authorization request.  The exact value received from the

Now IMHO there are two distinct ways a "library" can address it:

a) provide the API namely OAuthAuthorizationResponseBuilder#setState and "trust" that the
AMBER user will do the right thing e.g. using the API in his implementation, as in [1]

OAuthResponse resp = OAuthASResponse


b) integrate this "rule" in the AMBER "framework"

IMHO b) fits more with the description of AMBER provided e.g. in the report "....an unconditionally
compliant implementation".

I also think that the specification is full of cases like [0] and we need to take a clear
direction on where we would like to go (a) or b)?)




[0] https://issues.apache.org/jira/browse/AMBER-45
[1] https://cwiki.apache.org/confluence/display/AMBER/OAuth+2.0+Authorization+Server
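
Option b) from the message above, sketched as an added example that is not part of the original message and is not Amber's code: the response builder is constructed from the parsed request and copies "state" into the redirect itself, so the integrator cannot forget it. All class and method names are hypothetical, and the request values are constructed samples.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical names throughout; this is not Amber's API.
public class StateEchoExample {

    /** Minimal view of a parsed authorization request (assumption for this example). */
    record AuthzRequest(String redirectUri, String state) {}

    /** Option b): the builder can only be created from the request it answers. */
    static final class AuthzResponseBuilder {
        private final AuthzRequest request;
        private final Map<String, String> params = new LinkedHashMap<>();

        AuthzResponseBuilder(AuthzRequest request) { this.request = request; }

        AuthzResponseBuilder code(String code) {
            params.put("code", code);
            return this;
        }

        /** Adds "state" with the exact value received whenever the client sent one. */
        String buildRedirect() {
            if (request.state() != null) {
                params.put("state", request.state());
            }
            StringBuilder sb = new StringBuilder(request.redirectUri());
            char sep = request.redirectUri().contains("?") ? '&' : '?';
            for (Map.Entry<String, String> e : params.entrySet()) {
                sb.append(sep).append(e.getKey()).append('=')
                  .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
                sep = '&';
            }
            return sb.toString();
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: one with "state", one without.
        AuthzRequest withState = new AuthzRequest("https://client.example/cb", "af0ifjsldkj");
        AuthzRequest noState = new AuthzRequest("https://client.example/cb", null);
        System.out.println(new AuthzResponseBuilder(withState).code("c1").buildRedirect());
        System.out.println(new AuthzResponseBuilder(noState).code("c1").buildRedirect());
    }
}
```

With option a) the same guarantee depends on every caller remembering a setState call; here there is no setter to forget, and a request without "state" produces a redirect without it.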
