Return-Path: X-Original-To: apmail-incubator-amber-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-amber-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CE08CD522 for ; Wed, 17 Oct 2012 09:22:12 +0000 (UTC) Received: (qmail 51382 invoked by uid 500); 17 Oct 2012 09:22:12 -0000 Delivered-To: apmail-incubator-amber-dev-archive@incubator.apache.org Received: (qmail 50763 invoked by uid 500); 17 Oct 2012 09:22:06 -0000 Mailing-List: contact amber-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: amber-dev@incubator.apache.org Delivered-To: mailing list amber-dev@incubator.apache.org Received: (qmail 50652 invoked by uid 99); 17 Oct 2012 09:22:03 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Oct 2012 09:22:03 +0000 Date: Wed, 17 Oct 2012 09:22:03 +0000 (UTC) From: "Stein Welberg (JIRA)" To: amber-dev@incubator.apache.org Message-ID: <632532319.56796.1350465723513.JavaMail.jiratomcat@arcas> In-Reply-To: <510610043.11862.1330695838292.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (AMBER-49) AuthorizationCodeValidator needs to be updated to latest spec MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMBER-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477723#comment-13477723 ] Stein Welberg commented on AMBER-49: ------------------------------------ I created a new patch including the comments you placed. (it replaces the previous patch) However I had to make two types of OAuthTokenRequests.. Because the spec states that it is possible that unauthenticated clients should be able to request tokens.. In order to support this I made two AuthorizationCodeValidators. One for the authenticated requests and the other for unauthenticated requests. The same goes for the OAuthTokenRequest class. One for the authenticated Requests (OAuthAuthenticatedTokenRequest) and one for unauthenticated (OAuthTokenRequest). Hope this suits your needs :-) > AuthorizationCodeValidator needs to be updated to latest spec > ------------------------------------------------------------- > > Key: AMBER-49 > URL: https://issues.apache.org/jira/browse/AMBER-49 > Project: Amber > Issue Type: Bug > Components: OAuth 2.0 - Authorization Server > Reporter: Antonio Sanso > Assignee: Antonio Sanso > Attachments: Patch_for_AMBER-49.patch > > > The authorization code grant type it wrongly automatically validates that the client ID and secret are there. > See also [0] > [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira