[
https://issues.apache.org/jira/browse/CXF-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417809#comment-13417809
]
Sergey Beryozkin commented on CXF-4432:
---------------------------------------
Some support for 'oob' was originally available in the code contribued by
Lukash, but I do not recall now why I dropped it.
In case of 'oob' AuthorizationRequestService will return JAX-RS Response with
the type set to "text/html" and the entity to the instance of the newly
introduced OOBAuthorizatonResponse:
http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
RequestDispatcherProvider will need to be used to redirect the response to JSP
or other view handler for OOBAuthorizatonResponse properties to be converted to
the HTML page to be presented to the user.
The restriction: the client needs to preregister a callback URI as 'oob'.
> [OAuth1.0] oob callback is not supported
> ----------------------------------------
>
> Key: CXF-4432
> URL: https://issues.apache.org/jira/browse/CXF-4432
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS, JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
> Fix For: 2.6.2, 2.7.0
>
>
> OAuth spec says:
> oauth_callback: An absolute URI back to which the server will
> redirect the resource owner when the Resource Owner
> Authorization step (Section 2.2) is completed. If
> the client is unable to receive callbacks or a
> callback URI has been established via other means,
> the parameter value MUST be set to "oob" (case
> sensitive), to indicate an out-of-band
> configuration.
> But it's not supported.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
