[jira] [Updated] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data

Sergey Beryozkin (JIRA) Fri, 25 Apr 2014 04:42:40 -0700

     [ 
https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergey Beryozkin updated CXF-5712:
----------------------------------

    Summary: OAuth2 SessionAuthenticityTokenProvider must be able to validate 
user form data  (was: OAuth2 SessionAuthenticityTokenProvider nust be able to 
validate user form data)

> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form 
> data
> -------------------------------------------------------------------------------
>
>                 Key: CXF-5712
>                 URL: https://issues.apache.org/jira/browse/CXF-5712
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>             Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext which is not 
> sufficient for validating data like temporarily codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize 
> a grant request the service will challenge the user with the authorization 
> form, at this point custom SessionAuthenticityTokenProvider should be able to 
> sent a temp code to the user's mobile/email and request the user to enter 
> this code into the form and then validate it on the user confirmation. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data

Reply via email to