[OLTU-127] OAuthUnauthenticatedTokenRequest unnecessarily requires the "client_id" parameter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: oauth2-0.31
Fix Version/s: None
Component/s: oauth2-authzserver
Labels:
None
Environment:
JBoss 7.1.1

Description

The OAuthUnauthenticatedTokenRequest(HttpServletRequest) constructor will inappropriately fail if the "client_id" parameter is missing. But it is optional for "Resource Owner Password Credentials Grant". From the specification (section 4.3.2):

If the client type is confidential or the client was issued client
credentials (or assigned other authentication requirements), the
client MUST authenticate with the authorization server as described
in Section 3.2.1.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Christian

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Oct/13 20:11

Updated:: 14/Sep/15 10:07

Resolved:: 14/Sep/15 10:07