[
https://issues.apache.org/jira/browse/AMBER-30?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13123927#comment-13123927
]
Tommaso Teofili commented on AMBER-30:
--------------------------------------
Hello Antonio,
Reviewing your code I think it'd be better not only to remove the test code
which checks the OAUTH_REDIRECT_URI but convert that for checking the other
required parameter (OAUTH_RESPONSE_TYPE) as follows:
{code}
reset(request);
expect(request.getParameter(OAuth.OAUTH_RESPONSE_TYPE)).andStubReturn(null);
expect(request.getMethod()).andStubReturn(OAuth.HttpMethod.GET);
expect(request.getContentType()).andStubReturn(OAuth.ContentType.URL_ENCODED);
expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn("client_id");
expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn(null);
replay(request);
try {
new OAuthAuthzRequest(request);
fail("Exception expected");
} catch (OAuthProblemException e) {
Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
e.getError());
}
verify(request);
{code}
What do you think?
> CodeValidator needs to be updated to latest spec
> ------------------------------------------------
>
> Key: AMBER-30
> URL: https://issues.apache.org/jira/browse/AMBER-30
> Project: Amber
> Issue Type: Bug
> Components: OAuth 2.0 - Authorization Server
> Reporter: Antonio Sanso
> Attachments: AMBER-30-asanso-patch.txt, AMBER-30-asanso-patch.txt
>
>
> Since spec version #17 the redirect_uri became optional (is not anymore
> mandatory) see last version of the spec [0] for the authorization request.
> patch to follow
> [0] http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.1
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
