Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2014/04/25 13:46:16 UTC
[jira] [Resolved] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
[ https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-5712.
-----------------------------------
Resolution: Fixed
Assignee: Sergey Beryozkin
Trunk only due to the migration side-effect
> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
> -------------------------------------------------------------------------------
>
> Key: CXF-5712
> URL: https://issues.apache.org/jira/browse/CXF-5712
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS, JAX-RS Security
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext, which is not sufficient for validating data like temporary codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize a grant request, the service will challenge the user with the authorization form. At this point a custom SessionAuthenticityTokenProvider should be able to send a temp code to the user's mobile/email, request the user to enter this code into the form, and then validate it on the user confirmation.
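The temp-code flow described in the issue, sketched as an added example that is not CXF code and not from the issue's author. TempCodeStore and its methods are hypothetical names and do not implement the CXF SessionAuthenticityTokenProvider interface; the five-minute lifetime, the three-attempt limit and the six-digit format are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: the per-session state a custom provider could keep.
public class TempCodeStore {
    private static final int MAX_ATTEMPTS = 3;                  // assumed policy
    private static final Duration TTL = Duration.ofMinutes(5);  // assumed policy

    private static final class Entry {
        final byte[] code; final Instant expires; int attempts; boolean done;
        Entry(byte[] code, Instant expires) { this.code = code; this.expires = expires; }
    }

    private final Map<String, Entry> bySession = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Called when the authorization form is about to be shown. The caller delivers
    // the returned code out of band (mobile/email); it is never written into the form.
    public String issue(String sessionId) {
        String code = String.format("%06d", random.nextInt(1_000_000));
        bySession.put(sessionId, new Entry(code.getBytes(StandardCharsets.UTF_8), Instant.now().plus(TTL)));
        return code;
    }

    // Called on user confirmation with the value the user typed into the form.
    public boolean validate(String sessionId, String submitted) {
        Entry e = bySession.get(sessionId);
        if (e == null || submitted == null) return false;
        synchronized (e) {
            if (e.done) return false;                            // consumed by a concurrent request
            boolean expired = Instant.now().isAfter(e.expires);
            boolean exhausted = ++e.attempts > MAX_ATTEMPTS;
            // Constant-time comparison of the stored and submitted codes.
            boolean match = MessageDigest.isEqual(e.code, submitted.getBytes(StandardCharsets.UTF_8));
            if (expired || exhausted || match) { e.done = true; bySession.remove(sessionId, e); }
            return match && !expired && !exhausted;              // a code is accepted at most once
        }
    }

    public static void main(String[] args) {
        TempCodeStore store = new TempCodeStore();
        String code = store.issue("session-1");                  // constructed session id
        System.out.println(store.validate("session-1", "not-it"));
        System.out.println(store.validate("session-1", code));
        System.out.println(store.validate("session-1", code));
    }
}
```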