[
https://issues.apache.org/jira/browse/KNOX-3272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18063582#comment-18063582
]
ASF subversion and git services commented on KNOX-3272:
-------------------------------------------------------
Commit 10ac9f6b2728ee221efc30792915f61c9ea9e43e in knox's branch
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=10ac9f6b2 ]
KNOX-3272: Improved OAuth flow checks and return 401 in case of missing client
ID or invalid client secret (#1170)
> ClientID validation issues
> --------------------------
>
> Key: KNOX-3272
> URL: https://issues.apache.org/jira/browse/KNOX-3272
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 3.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 3.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The following issues have been observed while testing negative cases for the
> CLIENTID service:
> * Trying to fetch access token without passing secret is failing with 400
> bad request -> this should be 401
> * We can authenticate to a backend service without passing the clientId
> (only with client_secret)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
