Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Unknown
Description
If you run camel-linkedin quickstart, it is possible to fill accessToken into configuration and with it, all other authentication parameters (userName, userPassword, clientId, clientSecret) are ignored, but can not be empty.
For example this configuration works:
<bean id="linkedinConfiguration" class="org.apache.camel.component.linkedin.LinkedInConfiguration"> <property name="clientId" value="null"/> <property name="clientSecret" value="null"/> <property name="redirectUri" value="https://localhost"/> <property name="userName" value="null"/> <property name="userPassword" value="null"/> <property name="accessToken" value="very long but correct access token"/> </bean>
But following configuration should work too (because no real value is removed from the first one):
<bean id="linkedinConfiguration" class="org.apache.camel.component.linkedin.LinkedInConfiguration"> <property name="redirectUri" value="https://localhost"/> <property name="accessToken" value="very long but correct access token"/> </bean>
It should be possible to improve component a little bit to allow empty authentication parameters in case of filled accessToken.
(other possible solution is to forbid accessToken functionality, but it will change back-compatibility and possibly harm some users)
But it should not be allowed to have filled accessToken and also authentication credential, because it will be misleading (for example accessToken could be created for different user)
Attachments
Issue Links
- links to