[CXF-5764] AccessTokenService should allow the client authentication with a client id only - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.1
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

In some cases we may have a client_id parameter available, but no client_secret, the latter may be encrypted in client_id or some other parameter such as an assertion may securely identify a client.
At the moment if AccessTokenService sees a client_id parameter it will enforce the presence of client_secret for the confidential clients which may block the valid clients.

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Sergey Beryozkin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/May/14 15:43

Updated:: 16/Feb/15 16:09

Resolved:: 04/Jun/14 13:21