You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Evgeni Kisel (JIRA)" <ji...@apache.org> on 2012/07/18 07:40:34 UTC

[jira] [Created] (CXF-4432) [OAuth1.0] oob callback is not supported

Evgeni Kisel created CXF-4432:
---------------------------------

             Summary: [OAuth1.0] oob callback is not supported
                 Key: CXF-4432
                 URL: https://issues.apache.org/jira/browse/CXF-4432
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS, JAX-RS Security
    Affects Versions: 2.6.1
            Reporter: Evgeni Kisel


OAuth spec says:
oauth_callback: An absolute URI back to which the server will
redirect the resource owner when the Resource Owner
Authorization step (Section 2.2) is completed. If
the client is unable to receive callbacks or a
callback URI has been established via other means,
the parameter value MUST be set to "oob" (case
sensitive), to indicate an out-of-band
configuration.


But it's not supported.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CXF-4432) [OAuth1.0] oob callback is not supported

Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CXF-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-4432.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.0
                   2.6.2
         Assignee: Sergey Beryozkin
    
> [OAuth1.0] oob callback is not supported
> ----------------------------------------
>
>                 Key: CXF-4432
>                 URL: https://issues.apache.org/jira/browse/CXF-4432
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
>            Assignee: Sergey Beryozkin
>             Fix For: 2.6.2, 2.7.0
>
>
> OAuth spec says:
> oauth_callback: An absolute URI back to which the server will
> redirect the resource owner when the Resource Owner
> Authorization step (Section 2.2) is completed. If
> the client is unable to receive callbacks or a
> callback URI has been established via other means,
> the parameter value MUST be set to "oob" (case
> sensitive), to indicate an out-of-band
> configuration.
> But it's not supported.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CXF-4432) [OAuth1.0] oob callback is not supported

Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CXF-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417809#comment-13417809 ] 

Sergey Beryozkin commented on CXF-4432:
---------------------------------------

Some support for 'oob' was originally available in the code contribued by Lukash, but I do not recall now why I dropped it.

In case of 'oob' AuthorizationRequestService will return JAX-RS Response with the type set to "text/html" and the entity to the instance of the newly introduced OOBAuthorizatonResponse:

http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java

RequestDispatcherProvider will need to be used to redirect the response to JSP or other view handler for OOBAuthorizatonResponse properties to be converted to the HTML page to be presented to the user.

The restriction: the client needs to preregister a callback URI as 'oob'.
                
> [OAuth1.0] oob callback is not supported
> ----------------------------------------
>
>                 Key: CXF-4432
>                 URL: https://issues.apache.org/jira/browse/CXF-4432
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS, JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
>             Fix For: 2.6.2, 2.7.0
>
>
> OAuth spec says:
> oauth_callback: An absolute URI back to which the server will
> redirect the resource owner when the Resource Owner
> Authorization step (Section 2.2) is completed. If
> the client is unable to receive callbacks or a
> callback URI has been established via other means,
> the parameter value MUST be set to "oob" (case
> sensitive), to indicate an out-of-band
> configuration.
> But it's not supported.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira