[
https://issues.apache.org/jira/browse/CXF-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-5599.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.11, 3.0.0
Assignee: Sergey Beryozkin
"access_token" form parameter is optionally supported; the 'checkFormData'
property needs to be set on the filter.
No OOB support for passing the token as part of query parameters. The spec
itself discourages it for security reasons.
If really needed, this can be supported by extending OAuthRequestFilter and
overriding its getAuthorizationParts method, or by adding a CXF interceptor in
front of it which will get the token from the query string and add an
Authorization header to the current message.
Cheers, Sergey
> OAuthRequestFilter, is not compliant with RFC 6750
> --------------------------------------------------
>
> Key: CXF-5599
> URL: https://issues.apache.org/jira/browse/CXF-5599
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.0.0-milestone2, 2.7.10
> Reporter: Antonio Sargento
> Assignee: Sergey Beryozkin
> Labels: oauth2
> Fix For: 3.0.0, 2.7.11
>
>
> The OAuth 2.0 Filter, OAuthRequestFilter, is not compliant with [RFC
> 6750|http://tools.ietf.org/html/rfc6750].
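The token transports discussed in this message, as a framework-independent Java example added here (it is not CXF code and not part of the original message): the Authorization header is always read, the "access_token" form parameter only when opted in (as with 'checkFormData'), and the query string stays off unless explicitly enabled. The class name, the `allowQueryToken` switch and the sample requests are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
// Added illustration, independent of CXF. Needs Java 10+ (URLDecoder.decode with a Charset).
public class BearerTokenExtractor {
    private final boolean checkFormData;   // opt-in, mirrors the filter property named above
    private final boolean allowQueryToken; // hypothetical switch; keep false unless unavoidable

    public BearerTokenExtractor(boolean checkFormData, boolean allowQueryToken) {
        this.checkFormData = checkFormData; this.allowQueryToken = allowQueryToken;
    }

    // Returns the token, or null if none was sent; rejects a token sent by more than one method.
    public String extract(String method, String authorization, String contentType,
                          String body, String query) {
        List<String> found = new ArrayList<>();
        // Header: the scheme name is matched case-insensitively.
        if (authorization != null && authorization.regionMatches(true, 0, "Bearer ", 0, 7)) {
            String token = authorization.substring(7).trim();
            if (!token.isEmpty()) found.add(token);
        }
        // Form body: only for a form-encoded entity, and never on GET.
        boolean formBody = contentType != null && !"GET".equalsIgnoreCase(method)
            && contentType.toLowerCase().startsWith("application/x-www-form-urlencoded");
        if (checkFormData && formBody) collect(found, body);
        if (allowQueryToken) collect(found, query);
        if (found.size() > 1) throw new IllegalArgumentException("invalid_request: more than one method");
        return found.isEmpty() ? null : found.get(0);
    }

    // Adds every non-empty access_token value found in a urlencoded string.
    private static void collect(List<String> found, String encoded) {
        if (encoded == null) return;
        for (String pair : encoded.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals("access_token") && eq + 1 < pair.length()) {
                found.add(URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
            }
        }
    }

    public static void main(String[] args) {
        BearerTokenExtractor x = new BearerTokenExtractor(true, false);
        String form = "application/x-www-form-urlencoded";
        // Constructed sample requests; the token value is a placeholder.
        System.out.println(x.extract("GET", "Bearer tok-123", null, null, null));
        System.out.println(x.extract("POST", null, form, "a=1&access_token=tok-123", null));
        System.out.println(x.extract("GET", null, null, null, "access_token=tok-123"));
    }
}
```

With the query switch off, the third request yields no token, so a token placed in the URL (where it can end up in access logs and Referer headers) is never accepted as a credential.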