You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2016/11/01 13:20:58 UTC
[jira] [Commented] (CXF-7115) Issuer in TokenIntrospection should
be quoted in JSON
[ https://issues.apache.org/jira/browse/CXF-7115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15625423#comment-15625423 ]
Sergey Beryozkin commented on CXF-7115:
---------------------------------------
Thanks for spotting it, it was a copy and paste issue. FYI, ATs can be now represented as JWTs by the default Ehcache/JCache providers which may offer an option to validate them locally at the RS side
> Issuer in TokenIntrospection should be quoted in JSON
> -----------------------------------------------------
>
> Key: CXF-7115
> URL: https://issues.apache.org/jira/browse/CXF-7115
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 3.1.8
> Reporter: Svein Otto Solem
> Assignee: Sergey Beryozkin
> Priority: Trivial
> Fix For: 3.2.0, 3.1.9
>
>
> See line 118 in OauthJSONProvider :
> appendJsonPair(sb, "iss", obj.getIss(), false);
> it should be
> appendJsonPair(sb, "iss", obj.getIss(), true );
> in my opinion since the issuer typically is a uri.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)