oltu-dev mailing list archives

From "Stein Welberg (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBER-64) QueryParameterApplier needs to include the scope parameter in the fragment
Date Thu, 13 Dec 2012 08:03:21 GMT

    [ https://issues.apache.org/jira/browse/AMBER-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530773#comment-13530773 ]

Stein Welberg commented on AMBER-64:


You have me a little confused indeed. I agree that if the client also uses this library, we
should remove the restriction to include only OAuth (authorization server) allowed query parameters.
However, I do think that we should at least prevent the query parameters applier from adding
parameters to both the fragment and the query string.

Still, it is a little confusing that the query parameter applier is used at both the OAuth
client and the authorization server. It tries to serve two needs; however, it doesn't do both
completely, in my opinion. Maybe there should be some kind of specific applier for both the client and
the authorization server, with a common base which could be the current parameters applier.
In my opinion, Amber should assist other programmers in creating a compliant OAuth implementation.

What do you think?

> QueryParameterApplier needs to include the scope parameter in the fragment 
> ---------------------------------------------------------------------------
>                 Key: AMBER-64
>                 URL: https://issues.apache.org/jira/browse/AMBER-64
>             Project: Amber
>          Issue Type: Bug
>            Reporter: Stein Welberg
>            Assignee: Antonio Sanso
>         Attachments: AMBER-64_improved.patch
> According to the spec (see [0]) the scope parameter also needs to be included in the URL fragment if it is provided.
> Please find the patch to fix this attached to this issue.
> [0] http://tools.ietf.org/html/rfc6749#section-4.2.2

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
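
The behaviour discussed in this message, as an added example that is not Amber's code and not the attached patch: an implicit-grant response (RFC 6749 section 4.2.2) carries all of its parameters, scope included, in the fragment only, while a code response uses the query only. The class and method names are hypothetical and the token values are constructed.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class RedirectParamsExample {

    // application/x-www-form-urlencoded encoding; unset (null) parameters are skipped.
    static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
                .filter(e -> e.getValue() != null)
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Hypothetical helper: every response parameter goes to exactly one URI component.
    static String applyParams(String redirectUri, Map<String, String> params, boolean implicit) {
        URI base = URI.create(redirectUri);
        if (base.getRawFragment() != null) {
            // RFC 6749 section 3.1.2: the redirection endpoint must not include a fragment.
            throw new IllegalArgumentException("redirect URI must not contain a fragment");
        }
        String encoded = formEncode(params);
        if (encoded.isEmpty()) {
            return redirectUri;
        }
        if (implicit) {
            return redirectUri + "#" + encoded; // section 4.2.2: fragment only
        }
        // Code response: append to the query, keeping the client's registered query.
        String sep = base.getRawQuery() == null ? "?" : "&";
        return redirectUri + sep + encoded;
    }

    public static void main(String[] args) {
        Map<String, String> token = new LinkedHashMap<>(); // constructed sample values
        token.put("access_token", "SAMPLE-TOKEN");
        token.put("token_type", "bearer");
        token.put("expires_in", "3600");
        token.put("scope", "read write"); // included whenever it is provided
        token.put("state", "xyz");
        System.out.println(applyParams("https://client.example.com/cb?tenant=a", token, true));

        Map<String, String> code = new LinkedHashMap<>();
        code.put("code", "SAMPLE-CODE");
        code.put("state", "xyz");
        System.out.println(applyParams("https://client.example.com/cb?tenant=a", code, false));
    }
}
```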
