oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stein Welberg (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBER-49) AuthorizationCodeValidator needs to be updated to latest spec
Date Tue, 20 Nov 2012 09:06:58 GMT

    [ https://issues.apache.org/jira/browse/AMBER-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500930#comment-13500930
] 

Stein Welberg commented on AMBER-49:
------------------------------------

Hi Antonio,

That is true. However, I have been struggling to prevent this. I couldn't find a way to combine
both the unauthenticated (which is possible according to [0]) and authenticated token requests
in a single class the way it currently is setup in Amber. That's why I want for the less generic
approach of introducing a second TokenRequest class.

[0] http://tools.ietf.org/html/rfc6749#section-4.1.3

                
> AuthorizationCodeValidator needs to be updated to latest spec
> -------------------------------------------------------------
>
>                 Key: AMBER-49
>                 URL: https://issues.apache.org/jira/browse/AMBER-49
>             Project: Amber
>          Issue Type: Bug
>          Components: OAuth 2.0 - Authorization Server
>            Reporter: Antonio Sanso
>            Assignee: Antonio Sanso
>         Attachments: Patch_for_AMBER-49.patch
>
>
> The authorization code grant type it wrongly automatically validates that the client
ID and secret are there.
> See also [0]
> [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message