I don’t remember if the spec makes a hard and fast rule on this, strictly 
speaking, but you’re certainly right that if it’s done via a GET it would be 
better for it to switch to POST.



--Misagh



From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Tom 
Andersson
Sent: Tuesday, August 8, 2017 12:32 AM
To: CAS Community <cas-user@apereo.org>
Subject: [cas-user] CAS 5.0 & Resource Owner Grant



Hello,



I have the need to provide an authentication mechanism using the oAuth2 
Resource Owner Grant type. However if I've understood correctly, the 
implementation expects the user to authenticatite using GET and passing the 
credentials in the query parameters? To me this seems quite insecure as the 
credentials will then stick in access logs etc. I'm wondering why it's been 
implemented in this way instead of POSTing the credentials or if I have 
misunderstood something. Or would it be better to rely on the tickets REST 
api?



Thank you!

Tom

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/59d21bfd-052c-4311-acb6-ee47102ceaa1%40apereo.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/59d21bfd-052c-4311-acb6-ee47102ceaa1%40apereo.org?utm_medium=email&utm_source=footer>
 
.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/086f01d310d9%245cd077b0%2416716710%24%40unicon.net.

Reply via email to