[jira] [Updated] (CAMEL-13341) camel-linkedin: If accessToken is set, other credentials should be unnecessary

Tue, 19 Mar 2019 04:22:54 -0700 


     [ 
https://issues.apache.org/jira/browse/CAMEL-13341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiri Ondrusek updated CAMEL-13341:
----------------------------------
    Description: 
If you run camel-linkedin quickstart, it is possible to fill accessToken into 
configuration and with it, all other authentication parameters (userName, 
userPassword, clientId, clientSecret) are ignored, but can not be empty.

For example this configuration works:
{code}<bean id="linkedinConfiguration" 
class="org.apache.camel.component.linkedin.LinkedInConfiguration">
        <property name="clientId" value="null"/>
        <property name="clientSecret" value="null"/>
        <property name="redirectUri" value="https://localhost"/>
        <property name="userName" value="null"/>
        <property name="userPassword" value="null"/>
        <property name="accessToken" value="very long but correct access 
token"/>
</bean>{code}
But following configuration should work too (because no real value is removed 
from the first one):
{code}<bean id="linkedinConfiguration" 
class="org.apache.camel.component.linkedin.LinkedInConfiguration">
        <property name="redirectUri" value="https://localhost"/>
        <property name="accessToken" value="very long but correct access 
token"/>
</bean>{code}

It should be possible to improve component a little bit to allow empty 
authentication parameters in case of filled accessToken.
(other possible solution is to forbid accessToken functionality, but it will 
change back-compatibility and possibly harm some users)

But it should not  be allowed to have filled accessToken and also 
authentication credential, because it will be misleading (for example 
accessToken could be created for different user)


  was:
If you run camel-linkedin quickstart, it is possible to fill accessToken into 
configuration and with it, all other authentication parameters (userName, 
userPassword, clientId, clientSecret) are ignored, but can not be empty.

For example this configuration works:
{code}<bean id="linkedinConfiguration" 
class="org.apache.camel.component.linkedin.LinkedInConfiguration">
        <property name="clientId" value="null"/>
        <property name="clientSecret" value="null"/>
        <property name="redirectUri" value="https://localhost"/>
        <property name="userName" value="null"/>
        <property name="userPassword" value="null"/>
        <property name="accessToken" value="very long but correct access 
token"/>
</bean>{code}
But following configuration should work too (because no real value is removed 
from the first one):
{code}<bean id="linkedinConfiguration" 
class="org.apache.camel.component.linkedin.LinkedInConfiguration">
        <property name="redirectUri" value="https://localhost"/>
        <property name="accessToken" value="very long but correct access 
token"/>
</bean>{code}

It should be possible to improve component a little bit to allow empty 
authentication parameters in case of filled accessToken.
(other possible solution is to forbid accessToken functionality, but it will 
change back-compatibility and possibly harm some users)



> camel-linkedin: If accessToken is set, other credentials should be unnecessary
> ------------------------------------------------------------------------------
>
>                 Key: CAMEL-13341
>                 URL: https://issues.apache.org/jira/browse/CAMEL-13341
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-linkedin
>    Affects Versions: 3.0.0
>            Reporter: Jiri Ondrusek
>            Priority: Major
>
> If you run camel-linkedin quickstart, it is possible to fill accessToken into 
> configuration and with it, all other authentication parameters (userName, 
> userPassword, clientId, clientSecret) are ignored, but can not be empty.
> For example this configuration works:
> {code}<bean id="linkedinConfiguration" 
> class="org.apache.camel.component.linkedin.LinkedInConfiguration">
>       <property name="clientId" value="null"/>
>       <property name="clientSecret" value="null"/>
>       <property name="redirectUri" value="https://localhost"/>
>       <property name="userName" value="null"/>
>       <property name="userPassword" value="null"/>
>       <property name="accessToken" value="very long but correct access 
> token"/>
> </bean>{code}
> But following configuration should work too (because no real value is removed 
> from the first one):
> {code}<bean id="linkedinConfiguration" 
> class="org.apache.camel.component.linkedin.LinkedInConfiguration">
>       <property name="redirectUri" value="https://localhost"/>
>       <property name="accessToken" value="very long but correct access 
> token"/>
> </bean>{code}
> It should be possible to improve component a little bit to allow empty 
> authentication parameters in case of filled accessToken.
> (other possible solution is to forbid accessToken functionality, but it will 
> change back-compatibility and possibly harm some users)
> But it should not  be allowed to have filled accessToken and also 
> authentication credential, because it will be misleading (for example 
> accessToken could be created for different user)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to