You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2018/03/26 11:58:00 UTC

[jira] [Created] (QPIDJMS-372) [SASL] [XOAUTH2] Access token validation too restrictive

Keith Wall created QPIDJMS-372:
----------------------------------

             Summary: [SASL] [XOAUTH2] Access token validation too restrictive
                 Key: QPIDJMS-372
                 URL: https://issues.apache.org/jira/browse/QPIDJMS-372
             Project: Qpid JMS
          Issue Type: Bug
          Components: qpid-jms-client
    Affects Versions: 0.31.0
            Reporter: Keith Wall


http://qpid.2158936.n2.nabble.com/VOTE-Release-Apache-Qpid-JMS-0-31-0-td7674038.html

Google's access_tokens from {{/oauth2/v4/token}} use characters drawn from
outside Base64's 64 character set.   RFC 6749[1] defines an
access_token element as within {{%x20-7E}}, so the code within
{{org.apache.qpid.jms.sasl.XOauth2Mechanism#isApplicable}} is too
restrictive.

[1] https://tools.ietf.org/html/rfc6749




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org