End User Authorization Endpoint (namely OAuthAuthzRequest) needs to be updated
to latest spec
---------------------------------------------------------------------------------------------
Key: AMBER-31
URL: https://issues.apache.org/jira/browse/AMBER-31
Project: Amber
Issue Type: Bug
Components: OAuth 2.0 - Authorization Server
Reporter: Antonio Sanso
As per [0], response_type MUST be set to "code".
At the moment OAuthAuthzRequest is still in line with the old spec ("The
requested response: an access token, an authorization code, or both."):

    protected OAuthValidator initValidator() throws OAuthProblemException, OAuthSystemException {
        .....
        validators.put(ResponseType.CODE.toString(), CodeValidator.class);
        validators.put(ResponseType.TOKEN.toString(), TokenValidator.class);
        validators.put(ResponseType.CODE_AND_TOKEN.toString(), CodeTokenValidator.class);
        String requestTypeValue = getParam(OAuth.OAUTH_RESPONSE_TYPE);
        ...
        Class clazz = validators.get(requestTypeValue);

Patch to follow.
[0] http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.1
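
Added example, not part of the original report and not Apache Amber code: a strict response_type check for the authorization code request described in [0]. The class name, the method and the sample requests are hypothetical; the two error codes are the ones the OAuth 2.0 spec defines for the authorization error response.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class for illustration only; not taken from Apache Amber.
public class AuthzCodeResponseTypeCheck {

    static final String INVALID_REQUEST = "invalid_request";
    static final String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";

    /**
     * Returns null when the request carries exactly response_type=code,
     * otherwise the OAuth error code to report.
     * params has the shape of ServletRequest.getParameterMap().
     */
    static String check(Map<String, String[]> params) {
        String[] values = params.get("response_type");
        if (values == null || values.length == 0 || values[0].isEmpty()) {
            return INVALID_REQUEST; // the parameter is REQUIRED
        }
        if (values.length > 1) {
            // Choice made by this example: refuse an ambiguous request
            // instead of silently picking one of the values.
            return INVALID_REQUEST;
        }
        // Exact, case-sensitive match, so "Code" and the old-spec
        // "code_and_token" are rejected instead of reaching a validator.
        return "code".equals(values[0]) ? null : UNSUPPORTED_RESPONSE_TYPE;
    }

    public static void main(String[] args) {
        // Constructed sample requests; {} stands for a missing parameter.
        String[][] samples = {
            {"code"}, {"token"}, {"code_and_token"}, {"Code"}, {}, {"code", "token"}
        };
        for (String[] sample : samples) {
            Map<String, String[]> params = new HashMap<String, String[]>();
            if (sample.length > 0) {
                params.put("response_type", sample);
            }
            String error = check(params);
            System.out.println(Arrays.toString(sample) + " -> "
                    + (error == null ? "accepted" : error));
        }
    }
}
```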