oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OLTU-127) OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id" parameter
Date Tue, 29 Oct 2013 20:13:25 GMT
Christian created OLTU-127:
------------------------------

             Summary: OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id"
parameter
                 Key: OLTU-127
                 URL: https://issues.apache.org/jira/browse/OLTU-127
             Project: Apache Oltu
          Issue Type: Bug
          Components: oauth2-authzserver
    Affects Versions: 0.31
         Environment: JBoss 7.1.1
            Reporter: Christian


The OAuthUnauthenticatedTokenRequest(HttpServletRequest) constructor will inappropriately
fail if the "client_id" parameter is missing. But it is optional for "Resource Owner Password
Credentials Grant". From the specification (section 4.3.2):

   If the client type is confidential or the client was issued client
   credentials (or assigned other authentication requirements), the
   client MUST authenticate with the authorization server as described
   in Section 3.2.1.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message