[
https://issues.apache.org/jira/browse/AMBER-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500930#comment-13500930
]
Stein Welberg edited comment on AMBER-49 at 11/20/12 9:06 AM:
--------------------------------------------------------------
Hi Antonio,
That is true. However, I have been struggling to prevent this. I couldn't find
a way to combine both the unauthenticated (which is possible according to [0])
and authenticated token requests in a single class the way it currently is
setup in Amber. That's why I went for the less generic approach of introducing
a second TokenRequest class.
[0] http://tools.ietf.org/html/rfc6749#section-4.1.3
was (Author: steinwelberg):
Hi Antonio,
That is true. However, I have been struggling to prevent this. I couldn't find
a way to combine both the unauthenticated (which is possible according to [0])
and authenticated token requests in a single class the way it currently is
setup in Amber. That's why I want for the less generic approach of introducing
a second TokenRequest class.
[0] http://tools.ietf.org/html/rfc6749#section-4.1.3
> AuthorizationCodeValidator needs to be updated to latest spec
> -------------------------------------------------------------
>
> Key: AMBER-49
> URL: https://issues.apache.org/jira/browse/AMBER-49
> Project: Amber
> Issue Type: Bug
> Components: OAuth 2.0 - Authorization Server
> Reporter: Antonio Sanso
> Assignee: Antonio Sanso
> Attachments: Patch_for_AMBER-49.patch
>
>
> The authorization code grant type it wrongly automatically validates that the
> client ID and secret are there.
> See also [0]
> [0] http://amber.markmail.org/message/b7q5lpe2ijh7lfrv
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
