oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OLTU-127) OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id" parameter
Date Tue, 29 Oct 2013 20:13:25 GMT
Christian created OLTU-127:

             Summary: OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id"
                 Key: OLTU-127
                 URL: https://issues.apache.org/jira/browse/OLTU-127
             Project: Apache Oltu
          Issue Type: Bug
          Components: oauth2-authzserver
    Affects Versions: 0.31
         Environment: JBoss 7.1.1
            Reporter: Christian

The OAuthUnauthenticatedTokenRequest(HttpServletRequest) constructor will inappropriately
fail if the "client_id" parameter is missing. But it is optional for "Resource Owner Password
Credentials Grant". From the specification (section 4.3.2):

   If the client type is confidential or the client was issued client
   credentials (or assigned other authentication requirements), the
   client MUST authenticate with the authorization server as described
   in Section 3.2.1.

This message was sent by Atlassian JIRA

View raw message