oltu-dev mailing list archives

From "Michael Javault (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OLTU-194) Parameter OAUTH_REDIRECT_URI is considered REQUIRED even when it shouldn't
Date Fri, 04 Mar 2016 01:39:40 GMT
Michael Javault created OLTU-194:
------------------------------------

             Summary: Parameter OAUTH_REDIRECT_URI is considered REQUIRED even when it shouldn't
                 Key: OLTU-194
                 URL: https://issues.apache.org/jira/browse/OLTU-194
             Project: Apache Oltu
          Issue Type: Bug
            Reporter: Michael Javault
            Priority: Minor


The current implementation of the {{OAuthTokenRequest}} forces all authorization code requests
to provide a redirect URI, or fails, by using {{AuthorizationCodeValidator}}:
{{AuthorizationCodeValidator.java:38}}
{code}
        requiredParams.add(OAuth.OAUTH_REDIRECT_URI);
{code}

But per the [RFC 6749|http://tools.ietf.org/html/rfc6749#section-4.1.3], the redirect URI
field is not always required:
{noformat}
   redirect_uri
         REQUIRED, if the "redirect_uri" parameter was included in the
         authorization request as described in Section 4.1.1, and their
         values MUST be identical.
 {noformat}

I am working with clients that force registration per [section 3.1.2.2|http://tools.ietf.org/html/rfc6749#section-3.1.2.2],
and do not provide a redirect URI.
As a workaround, I am using the {{OAuthUnauthenticatedTokenRequest}} class instead of the
{{OAuthTokenRequest}}, but I have to re-implement the {{validateClientAuthenticationCredentials()}}
function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
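
The conditional rule quoted from RFC 6749 section 4.1.3, as an added example that is not part of the original message and is not Apache Oltu code: the token endpoint requires redirect_uri only when the authorization request carried one, and then demands an exact match. The class, record and method names are hypothetical, and rejecting an unexpected redirect_uri is this example's own policy choice.

```java
import java.util.Map;

// Added example with hypothetical names; none of this is an Apache Oltu API.
public class RedirectUriTokenCheck {

    /** State stored with the authorization code; the URI is null when the
     *  authorization request relied on the registered URI (section 3.1.2.2). */
    record IssuedCode(String redirectUriFromAuthzRequest) {}

    /** Returns null when the token request passes, otherwise an RFC 6749
     *  section 5.2 error code. */
    static String validate(IssuedCode issued, Map<String, String> tokenParams) {
        String original = issued.redirectUriFromAuthzRequest();
        String sent = tokenParams.get("redirect_uri");

        if (original == null) {
            // Not REQUIRED here. Assumption of this example: a value that now
            // appears cannot be "identical" to an absent one, so reject it.
            return sent == null ? null : "invalid_grant";
        }
        if (sent == null) {
            return "invalid_request"; // required parameter is missing
        }
        // "Values MUST be identical": exact string comparison, no
        // normalisation, prefix matching or case folding.
        return original.equals(sent) ? null : "invalid_grant";
    }

    public static void main(String[] args) {
        // Constructed sample data.
        IssuedCode registeredOnly = new IssuedCode(null);
        IssuedCode explicitUri = new IssuedCode("https://client.example/cb");

        report("registered URI only, none sent",
                validate(registeredOnly, Map.of("code", "c1")));
        report("explicit URI, identical value sent",
                validate(explicitUri, Map.of("code", "c2",
                        "redirect_uri", "https://client.example/cb")));
        report("explicit URI, parameter omitted",
                validate(explicitUri, Map.of("code", "c3")));
        report("explicit URI, different value sent",
                validate(explicitUri, Map.of("code", "c4",
                        "redirect_uri", "https://client.example/cb/")));
    }

    static void report(String label, String error) {
        System.out.println(label + " -> " + (error == null ? "accepted" : error));
    }
}
```

The record syntax needs Java 16 or later.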
