[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-93?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11479#comment-11479
]
Ivo Ladage - van Doorn commented on AMDATUAUTH-93:
--------------------------------------------------
There are two services that create these Tokens; the OAuth server
(OAuthTokenProvider) and the Login service (TokenProvider). In the first case
the token secret is always set, this is also required for HMAC-SHA1 encryption.
The the second case however, setting a token secret does not make any sense as
there is no party with which this secret could be shared (in 3-legged OAuth the
consumer and provider know the token secret, but it is never passed to the
end-user). So it makes sense that in the latter case the tokenSecret is null.
All token stuff is correctly implemented, but the cassandra token store fails
to handle the null tokensecret case. So this is in fact a cassandra store
issue; it should simply support storing token secrets that are null.
> Token secret of oauth token is always null
> ------------------------------------------
>
> Key: AMDATUAUTH-93
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-93
> Project: Amdatu Auth
> Issue Type: Bug
> Components: OAuth server
> Reporter: Arthur Meijer
> Fix For: 0.2.1
>
>
> The tokenSecret of org.amdatu.auth.tokenprovider.Token instances is always
> null.
> This value should be set to a correct value and checked in relevant places.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
