Christian created OLTU-127:
------------------------------
Summary: OAuthUnauthenticatedTokenRequest unnecessarily requires
the "client_id" parameter
Key: OLTU-127
URL: https://issues.apache.org/jira/browse/OLTU-127
Project: Apache Oltu
Issue Type: Bug
Components: oauth2-authzserver
Affects Versions: 0.31
Environment: JBoss 7.1.1
Reporter: Christian
The OAuthUnauthenticatedTokenRequest(HttpServletRequest) constructor will
inappropriately fail if the "client_id" parameter is missing. But it is
optional for "Resource Owner Password Credentials Grant". From the
specification (section 4.3.2):
If the client type is confidential or the client was issued client
credentials (or assigned other authentication requirements), the
client MUST authenticate with the authorization server as described
in Section 3.2.1.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
