You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2014/04/25 13:46:16 UTC

[jira] [Resolved] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data

     [ https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-5712.
-----------------------------------

    Resolution: Fixed
      Assignee: Sergey Beryozkin

Trunk only due to the migration side-effect

> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
> -------------------------------------------------------------------------------
>
>                 Key: CXF-5712
>                 URL: https://issues.apache.org/jira/browse/CXF-5712
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext which is not sufficient for validating data like temporarily codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize a grant request the service will challenge the user with the authorization form, at this point custom SessionAuthenticityTokenProvider should be able to send a temp code to the user's mobile/email and request the user to enter this code into the form and then validate it on the user confirmation. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)