It is a 5 minute task, JIRA is required for release notes :)

On Wed, 6 Feb 2019 at 21:41, Adrian Avila Atencio <[email protected]> wrote:

> Hello Maxim,
>
> My problem is that I am integrating OpenMeetings with WSO2 Identity Server
> and the header value for 'Authorization' does not accept 'bearer'.
> Thank you, I'll see what I can do.
>
> On Wed, 6 Feb 2019 at 08:20, Maxim Solodovnik ([email protected]) wrote:
>
>> Hello Adrian,
>>
>> I believe this should be JIRA or letter to dev@ list
>> security@ list is for reporting vulnerabilities :)
>>
>> I can change the case, no problem
>> But according to my test it works as expected as-is :)
>>
>> It is confirmed for example here
>> https://issues.onehippo.com/browse/CRISP-7
>>
>> can you please file JIRA here:
>> https://issues.apache.org/jira/browse/OPENMEETINGS
>>
>> On Wed, 6 Feb 2019 at 20:59, Adrian Avila Atencio <[email protected]> wrote:
>>
>>> The OAuth 2.0 Authorization Framework: Bearer Token Usage
>>> (https://tools.ietf.org/html/rfc6750#section-2.1) explicitly states that
>>> we have to use "Authorization: **Bearer** XXXX"
>>>
>>> Bug openmeetings 4.0.7:
>>>
>>> /openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/SignInPage.java
>>> line #277
>>>
>>> private static OAuthUser getAuthParams(String token, String code, OAuthServer server) throws IOException {
>>>     // prepare url
>>>     String requestInfoUrl = server.getRequestInfoUrl();
>>>     requestInfoUrl = prepareUrlParams(requestInfoUrl, server.getClientId(), getRedirectUri(server)
>>>             , server.getClientSecret(), token, code);
>>>     // send request
>>>     HttpURLConnection connection = (HttpURLConnection) new URL(requestInfoUrl).openConnection();
>>>     if (server.getRequestInfoMethod() == RequestInfoMethod.HEADER) {
>>>         connection.setRequestProperty("Authorization", String.format("bearer %s", token)); //HERE
>>>     } else {
>>>         connection.setRequestMethod(server.getRequestInfoMethod().name());
>>>     }
>>>     prepareConnection(connection);
>>>     String json = IOUtils.toString(connection.getInputStream(), UTF_8);
>>>     log.debug("User info={}", json);
>>>     // parse json result
>>>     return new OAuthUser(json, server);
>>> }
>>
>> --
>> WBR
>> Maxim aka solomax
>

--
WBR
Maxim aka solomax
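
The interoperability point in this thread, as an added example (not OpenMeetings or WSO2 code): RFC 7235 section 2.1 defines the authentication scheme name as case-insensitive, so a robust setup has the client send the RFC 6750 spelling `Bearer` and the receiver compare the scheme without regard to case. All class and method names are hypothetical, and the strict parser only models, as an assumption, a receiver that compares the scheme exactly and therefore rejects `bearer`.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; every name here is hypothetical, not from OpenMeetings or WSO2.
public class BearerHeaderDemo {
    // RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
    private static final Pattern CREDENTIALS =
            Pattern.compile("^([A-Za-z]+) +([A-Za-z0-9\\-._~+/]+=*)$");

    /** Client side: always emit the canonical spelling from RFC 6750. */
    static String buildHeader(String token) {
        return "Bearer " + token;
    }

    /** Tolerant receiver: scheme compared case-insensitively (RFC 7235 section 2.1). */
    static Optional<String> parseTolerant(String header) {
        return parse(header, false);
    }

    /** Strict receiver (assumed behaviour): only the exact spelling "Bearer" passes. */
    static Optional<String> parseStrict(String header) {
        return parse(header, true);
    }

    private static Optional<String> parse(String header, boolean exactCase) {
        if (header == null) {
            return Optional.empty();
        }
        Matcher m = CREDENTIALS.matcher(header.trim());
        if (!m.matches()) {
            return Optional.empty(); // missing token, bad characters, extra fields
        }
        String scheme = m.group(1);
        boolean ok = exactCase ? scheme.equals("Bearer")
                : scheme.equalsIgnoreCase("bearer");
        return ok ? Optional.of(m.group(2)) : Optional.empty();
    }

    public static void main(String[] args) {
        String token = "abc.DEF-123_~+/=="; // constructed sample token
        String[] headers = { buildHeader(token), "bearer " + token, "BEARER " + token,
                "Basic dXNlcjpwYXNz", "Bearer", "Bearer a b" };
        for (String h : headers) {
            System.out.printf("%-28s strict=%-5b tolerant=%b%n", h,
                    parseStrict(h).isPresent(), parseTolerant(h).isPresent());
        }
    }
}
```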
