[
https://issues.apache.org/jira/browse/OLTU-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13771885#comment-13771885
]
John Jenkins commented on OLTU-109:
-----------------------------------
One thing I really like about this library is that it does all of the
boilerplate stuff and lets me get in and validate the rest on my own. To me,
maintaining state is a slippery slope. I understand the desire to have a
solution that doesn't have any of these types of ambiguities, but one of my
main draws to this project was its simplicity.
> OAuthTokenRequest unnecessarily requires the "redirect_uri" parameter
> ---------------------------------------------------------------------
>
> Key: OLTU-109
> URL: https://issues.apache.org/jira/browse/OLTU-109
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-authzserver
> Affects Versions: 0.22
> Environment: Authorization Server
> Reporter: John Jenkins
> Fix For: 0.31
>
>
> The OAuthTokenRequest(HttpServletRequest) constructor will inappropriately
> fail if the "redirect_uri" parameter is missing. This is only required if the
> "redirect_uri" was given in the previous, "code" request. From the
> specification (section 4.1.3):
> redirect_uri
> REQUIRED, if the "redirect_uri" parameter was included in the
> authorization request as described in Section 4.1.1, and their
> values MUST be identical.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
