You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oltu.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2015/09/14 12:07:47 UTC
[jira] [Resolved] (OLTU-127) OAuthUnauthenticatedTokenRequest
unnecessarily requires the "client_id" parameter
[ https://issues.apache.org/jira/browse/OLTU-127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antonio Sanso resolved OLTU-127.
--------------------------------
Resolution: Duplicate
duplicate of OLTU-179
> OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id" parameter
> ---------------------------------------------------------------------------------
>
> Key: OLTU-127
> URL: https://issues.apache.org/jira/browse/OLTU-127
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-authzserver
> Affects Versions: oauth2-0.31
> Environment: JBoss 7.1.1
> Reporter: Christian
>
> The OAuthUnauthenticatedTokenRequest(HttpServletRequest) constructor will inappropriately fail if the "client_id" parameter is missing. But it is optional for "Resource Owner Password Credentials Grant". From the specification (section 4.3.2):
> If the client type is confidential or the client was issued client
> credentials (or assigned other authentication requirements), the
> client MUST authenticate with the authorization server as described
> in Section 3.2.1.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)