You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oltu.apache.org by "Stein Welberg (JIRA)" <ji...@apache.org> on 2013/05/15 22:37:17 UTC

[jira] [Resolved] (OLTU-16) RefreshTokenValidator needs to be updated to the latest spec

     [ https://issues.apache.org/jira/browse/OLTU-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stein Welberg resolved OLTU-16.
-------------------------------

    Resolution: Fixed

In the end it didn't seem possible (with the current setup of the validators) to do everything (authenticated and unauthenticated requests) in one class. So another class is introduced which enables you to also accept unauthenticated token requests. This class carries a different name (UnauthenticatedTokenRequest) because we believe that by default you should enable client authentication!

See OLTU-5 for more discussion.
                
> RefreshTokenValidator needs to be updated to the latest spec
> ------------------------------------------------------------
>
>                 Key: OLTU-16
>                 URL: https://issues.apache.org/jira/browse/OLTU-16
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>            Reporter: Stein Welberg
>            Assignee: Stein Welberg
>
> Actually this issue is the same as AMBER-49. The refresh token validator cannot handle when the client_id and client_secret are presented in the Authorization header.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira