Hello, I have the need to provide an authentication mechanism using the oAuth2 Resource Owner Grant type. However if I've understood correctly, the implementation expects the user to authenticatite using GET and passing the credentials in the query parameters? To me this seems quite insecure as the credentials will then stick in access logs etc. I'm wondering why it's been implemented in this way instead of POSTing the credentials or if I have misunderstood something. Or would it be better to rely on the tickets REST api?
Thank you! Tom -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/59d21bfd-052c-4311-acb6-ee47102ceaa1%40apereo.org.
