You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2014/04/25 13:42:15 UTC
[jira] [Updated] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider
must be able to validate user form data
[ https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin updated CXF-5712:
----------------------------------
Summary: OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data (was: OAuth2 SessionAuthenticityTokenProvider nust be able to validate user form data)
> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
> -------------------------------------------------------------------------------
>
> Key: CXF-5712
> URL: https://issues.apache.org/jira/browse/CXF-5712
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS, JAX-RS Security
> Reporter: Sergey Beryozkin
> Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext which is not sufficient for validating data like temporarily codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize a grant request the service will challenge the user with the authorization form, at this point custom SessionAuthenticityTokenProvider should be able to sent a temp code to the user's mobile/email and request the user to enter this code into the form and then validate it on the user confirmation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)