You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sasi M (JIRA)" <ji...@apache.org> on 2012/07/18 04:59:33 UTC

[jira] [Updated] (CXF-4431) Add support for OAuth2 'mac' token type

     [ https://issues.apache.org/jira/browse/CXF-4431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sasi M updated CXF-4431:
------------------------

    Attachment: mac_token_support.txt

Here is a patch that provides basic server side functionality for provisioning 'mac' token types and client functionality for request signing as per the OAuth2 spec.
This patch does not include the support for checking the client timestamp/nonce yet.
                
> Add support for OAuth2 'mac' token type
> ---------------------------------------
>
>                 Key: CXF-4431
>                 URL: https://issues.apache.org/jira/browse/CXF-4431
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Sasi M
>             Fix For: 2.7.0
>
>         Attachments: mac_token_support.txt
>
>
> CXF currently supports only the Bearer token type. This token type is not feasible for use without SSL.
> OAuth2 specs out the 'mac' token type that requires request signing for authentication using the access token. The spec is described here:
> http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira