You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oltu.apache.org by "Stein Welberg (JIRA)" <ji...@apache.org> on 2013/05/15 22:35:19 UTC

[jira] [Commented] (OLTU-5) AuthorizationCodeValidator needs to be updated to latest spec

    [ https://issues.apache.org/jira/browse/OLTU-5?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13658769#comment-13658769 ] 

Stein Welberg commented on OLTU-5:
----------------------------------

In the end it didn't seem possible (with the current setup of the validators) to do everything (authenticated and unauthenticated requests) in one class. So another class is introduced which enables you to also accept unauthenticated token requests. This class carries a different name (UnauthenticatedTokenRequest) because we believe that by default you should enable client authentication!


                
> AuthorizationCodeValidator needs to be updated to latest spec
> -------------------------------------------------------------
>
>                 Key: OLTU-5
>                 URL: https://issues.apache.org/jira/browse/OLTU-5
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: oauth2-authzserver
>    Affects Versions: 0.31
>            Reporter: Antonio Sanso
>            Assignee: Stein Welberg
>         Attachments: amber-49-asanso.txt, Patch_for_AMBER-49.patch
>
>
> The authorization code grant type it wrongly automatically validates that the client ID and secret are there.
> See also [0]
> [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira