You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2015/09/02 15:40:46 UTC
[jira] [Comment Edited] (CXF-6573) AccessToken doesn't serialize
with snake-case
[ https://issues.apache.org/jira/browse/CXF-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14727097#comment-14727097 ]
Sergey Beryozkin edited comment on CXF-6573 at 9/2/15 1:39 PM:
---------------------------------------------------------------
Hmm, I actually did not document that OAuthJsonProvider is supposed to be used, will do asap.
Usually I refer users to a demo which is linked to a Google page after a "CXF OAuth2" search.
I'm not sure about letting 3rd party JSON providers write the response. Let me ask, how does Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response (add a single entry into this Map if it ignores the empty Map) ? The reason I ask is that the entries in Map 'parameters' have to be siblings of the main token properties, the actual 'parameters' key can not be introduced. If Jackson can be controlled to block a 'parameters' key while outputting the actual Map entries then we can consider adding Jaxb annotations to have it working with a JacksonJaxb provider.
Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets it to -1 by default but I guess it is fine to initialize it to 0 by default in case of 'never expires'.
was (Author: sergey_beryozkin):
Hmm, I actually did not document that OAuthJsonProvider is supposed to be used, will do asap.
Usually I refer users to a demo which is linked to a Google page after a "CXF OAuth2" search.
I'm not sure about letting 3rd party JSON providers write the response. Let me ask, how does Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response (add a single entry into this Map if it ignores the empty Map) ? The reason I ask is that the entries in Map 'parameters' have to be siblings of the main token properties, the actual 'parameters' key can not be introduced. If Jackson can be controlled to block a 'parameters' key while outputting the actual Map entries then we can consider adding Jaxb annotations to have it working with a JacksonJaxb provider.
Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets it to -1 by default but I guess it is fine to initialize it to 0 by default in case of 'never expires'.
Hmm... Actually, AccessToken also has an issuedAt property which can optionally be reported but is otherwise a non-standard property that should not go out by default...
> AccessToken doesn't serialize with snake-case
> ---------------------------------------------
>
> Key: CXF-6573
> URL: https://issues.apache.org/jira/browse/CXF-6573
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 3.1.2
> Reporter: Karl von Randow
> Priority: Minor
>
> The org.apache.cxf.rs.security.oauth2.common.AccessToken class doesn't declare and JAXB (or other) annotations to influence how it is serialized. So it uses the default serialization style of the JAXB context.
> In my case this is camel case.
> This means that the AccessToken response from the AccessTokenService uses camel case. The OAuth docs _appear_ (I'm not a scholar of them) to indicate that it should be snake case.
> Is that true? Is this a thing? Would it be something you'd consider, adding `@XmlElement(name = "token_key")` annotations? That would be a breaking change for existing users...
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)