[CXF-5569] OAuth AbstractAuthFilter and query parameters used for signing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.10
Fix Version/s: 3.0.0-milestone2, 2.7.11
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

In the AbstractAuthFilter the query (or body) parameters used for signing are only those included in ALLOWED_OAUTH_PARAMETERS.

But if I'm reading the RFC correctly, it looks are though ALL parameters should be considered for signature generation.

To support both backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS to subclasses (either directly or via getter/setters) along with a flag that can be set to automatically include any and all parameters?

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Jason Klapste

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Feb/14 17:25

Updated:: 11/Jul/14 12:50

Resolved:: 19/Feb/14 17:38