You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oltu.apache.org by "Stein Welberg (JIRA)" <ji...@apache.org> on 2012/10/17 11:24:03 UTC

[jira] [Comment Edited] (AMBER-49) AuthorizationCodeValidator needs to be updated to latest spec

    [ https://issues.apache.org/jira/browse/AMBER-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477723#comment-13477723 ] 

Stein Welberg edited comment on AMBER-49 at 10/17/12 9:22 AM:
--------------------------------------------------------------

I created a new patch including the comments you placed. (it replaces the previous patch)

However I had to make two types of OAuthTokenRequests.. Because the spec states that it is possible that unauthenticated clients should be able to request tokens.. In order to support this I made two AuthorizationCodeValidators. One for the authenticated requests and the other for unauthenticated requests. The same goes for the OAuthTokenRequest class. One for the authenticated Requests (OAuthAuthenticatedTokenRequest) and one for unauthenticated (OAuthTokenRequest). Hope this suits your needs :-)

See attachment: Patch_for_AMBER-49.patch
                
      was (Author: steinwelberg):
    I created a new patch including the comments you placed. (it replaces the previous patch)

However I had to make two types of OAuthTokenRequests.. Because the spec states that it is possible that unauthenticated clients should be able to request tokens.. In order to support this I made two AuthorizationCodeValidators. One for the authenticated requests and the other for unauthenticated requests. The same goes for the OAuthTokenRequest class. One for the authenticated Requests (OAuthAuthenticatedTokenRequest) and one for unauthenticated (OAuthTokenRequest). Hope this suits your needs :-)
                  
> AuthorizationCodeValidator needs to be updated to latest spec
> -------------------------------------------------------------
>
>                 Key: AMBER-49
>                 URL: https://issues.apache.org/jira/browse/AMBER-49
>             Project: Amber
>          Issue Type: Bug
>          Components: OAuth 2.0 - Authorization Server
>            Reporter: Antonio Sanso
>            Assignee: Antonio Sanso
>         Attachments: Patch_for_AMBER-49.patch
>
>
> The authorization code grant type it wrongly automatically validates that the client ID and secret are there.
> See also [0]
> [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira