Issue Type: Bug
Affects Versions: 0.2.1
Assignee: Ivo Ladage - van Doorn
Components: OAuth server
Created: 23/May/12 2:49 PM

Description:
There is a design flaw in the OAuth nonce validation which needs to be fixed.
The problem is that upon the first validation the nonce is stored. When the validation is triggered again, for the same request, the validator will check if that nonce is already used by verifying if it is available in the store, which is the case. So effectively, in the current mechanism nonce validation can be triggered only once. This is problematic, especially if the OAuth request needs to be verified in 2 separate services or servlets.
To correct this design flaw, more refactoring is needed, probably requiring an API change in the nonce storage SPI.
For that reason nonce validation has been temporarily disabled, see AMDATUAUTH-157.

Project: Amdatu Auth
Labels: blueconic
Priority: Major
Reporter: Ivo Ladage - van Doorn
Security Level: Public (Issues without restricted access)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
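
The check-and-store behaviour described in the issue, modelled next to one possible way to let the same request be validated twice while still rejecting replays. This is an added, language-neutral example in Python, not Amdatu's code or its nonce storage SPI; the class names, the `request_id` parameter and the sample values are all assumptions made for illustration.

```python
import secrets


class CheckAndStoreValidator:
    """Model of the reported behaviour: the first validation stores the nonce."""

    def __init__(self):
        self._seen = set()

    def validate(self, consumer_key, timestamp, nonce):
        key = (consumer_key, timestamp, nonce)
        if key in self._seen:      # already stored, possibly by our own first pass
            return False
        self._seen.add(key)
        return True


class RequestBoundValidator:
    """Hypothetical alternative: remember which inbound request consumed the nonce."""

    def __init__(self):
        self._owner = {}           # nonce key -> id of the request that first used it

    def validate(self, request_id, consumer_key, timestamp, nonce):
        key = (consumer_key, timestamp, nonce)
        owner = self._owner.setdefault(key, request_id)
        # Same request validated again: accept. Any other request: replay, reject.
        return owner == request_id


def new_request_id():
    # Assumption: minted once per inbound HTTP request by the server itself
    # (never taken from the client) and handed to every validating service.
    return secrets.token_hex(16)


def demo():
    sample = ("consumer-1", 1337784540, "n0nce-abc")     # constructed sample values
    flawed = CheckAndStoreValidator()
    first, second = flawed.validate(*sample), flawed.validate(*sample)

    bound = RequestBoundValidator()
    rid = new_request_id()
    servlet_a = bound.validate(rid, *sample)
    servlet_b = bound.validate(rid, *sample)             # same request, second service
    replay = bound.validate(new_request_id(), *sample)   # replayed copy, new request
    return {"flawed": (first, second), "bound": (servlet_a, servlet_b, replay)}


if __name__ == "__main__":
    print(demo())
```

The model leaves out expiry of stored entries once their timestamp falls outside the accepted window, which a real nonce store also needs.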