[
https://issues.apache.org/jira/browse/CXF-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13503804#comment-13503804
]
Evgeni Kisel commented on CXF-4478:
-----------------------------------
OAuth 1.0 must be used because it's more secure and have finalized signed-off
documentation.
> I'd like to understand the flow better. Does it implies the use "oob" ?
It can be for oob cases and for non-oob as well.
> Please prototype the example: basically I need to see when a custom parameter
> is reported back, I'm assuming it has to be done after the user has
> authorized the client, but the question is, does it have to reported back as
> part of "oob" response, or after the client requests the access token.
It doesn't matter which step. Each step should support customizing. Developers
should be able to add their own custom input and output parameters and handle
them appropriately.
> [OAuth1.0] RequestTokenHandler doesn't support custom input parameters
> ----------------------------------------------------------------------
>
> Key: CXF-4478
> URL: https://issues.apache.org/jira/browse/CXF-4478
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
>
> According to the spec custom parameters can be added but currnnelty it's
> impossible to use them because:
> 1. there are no hooks in the handle class to be overridden.
> 2. RequestTokenRegistration object doesn't contain a map with custom
> parameters.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
