oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rikard Swahn (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OLTU-109) OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter
Date Mon, 14 Sep 2015 10:27:45 GMT

    [ https://issues.apache.org/jira/browse/OLTU-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743336#comment-14743336
] 

Rikard Swahn commented on OLTU-109:
-----------------------------------

Yes, I agree that the check should be done by the implementation, and not by Oltu.

> OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter
> ---------------------------------------------------------------------
>
>                 Key: OLTU-109
>                 URL: https://issues.apache.org/jira/browse/OLTU-109
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>    Affects Versions: oauth2-0.22
>         Environment: Authorization Server
>            Reporter: John Jenkins
>             Fix For: oauth2-0.31
>
>
> The OAuthTokenRequest(HttpServletRequest) constructor will inappropriately fail if the
"redirect_uri" parameter is missing. This is only required if the "redirect_uri" was given
in the previous, "code" request. From the specification (section 4.1.3):
> redirect_uri
>          REQUIRED, if the "redirect_uri" parameter was included in the
>          authorization request as described in Section 4.1.1, and their
>          values MUST be identical.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message