[jira] [Commented] (CXF-5599) OAuthRequestFilter, is not compliant with RFC 6750

Antonio Sargento (JIRA) Sun, 09 Mar 2014 17:24:06 -0700

    [ 
https://issues.apache.org/jira/browse/CXF-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13925366#comment-13925366
 ]


Antonio Sargento commented on CXF-5599:
---------------------------------------

Yes, since in RFC 6750, there are three ways to pass the token:
* Authorization Request Header Field
* Form-Encoded Body Parameter
* URI Query Parameter
The OAuthRequestFilter filter implements only the first.

> OAuthRequestFilter, is not compliant with RFC 6750
> --------------------------------------------------
>
>                 Key: CXF-5599
>                 URL: https://issues.apache.org/jira/browse/CXF-5599
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.0.0-milestone2, 2.7.10
>            Reporter: Antonio Sargento
>              Labels: oauth2
>
> The OAuth 2.0 Filter, OAuthRequestFilter, is not compliant with [RFC 
> 6750|http://tools.ietf.org/html/rfc6750].



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (CXF-5599) OAuthRequestFilter, is not compliant with RFC 6750

Reply via email to