You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Peter De Winter <pe...@mijathi.be> on 2014/12/18 17:32:15 UTC

Oauth2 implicit fragment access_token

Hello all,

Short question on the implicit flow with jax-rs.
The redirect url with the fragment contains an access_token attribute.
Contains a access-token but no secret. 
So how do you get by the HawkTokenValidator if you have no secret to
generate the correct Mac (sha-256) on the client agent?

Thanks for any help!
Peter DW



--
View this message in context: http://cxf.547215.n5.nabble.com/Oauth2-implicit-fragment-access-token-tp5752521.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Oauth2 implicit fragment access_token

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi Peter, I've just replied

Thanks, Sergey
On 18/12/14 16:32, Peter De Winter wrote:
> Hello all,
>
> Short question on the implicit flow with jax-rs.
> The redirect url with the fragment contains an access_token attribute.
> Contains a access-token but no secret.
> So how do you get by the HawkTokenValidator if you have no secret to
> generate the correct Mac (sha-256) on the client agent?
>
> Thanks for any help!
> Peter DW
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Oauth2-implicit-fragment-access-token-tp5752521.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>