Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5569

OAuth AbstractAuthFilter and query parameters used for signing

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      In the AbstractAuthFilter the query (or body) parameters used for signing are only those included in ALLOWED_OAUTH_PARAMETERS.

      But if I'm reading the RFC correctly, it looks are though ALL parameters should be considered for signature generation.

      To support both backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS to subclasses (either directly or via getter/setters) along with a flag that can be set to automatically include any and all parameters?

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              jklap Jason Klapste
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: