Sergey Beryozkin created CXF-5712:
-------------------------------------
Summary: OAuth2 SessionAuthenticityTokenProvider must be able to
validate user form data
Key: CXF-5712
URL: https://issues.apache.org/jira/browse/CXF-5712
Project: CXF
Issue Type: Improvement
Components: JAX-RS, JAX-RS Security
Reporter: Sergey Beryozkin
Fix For: 3.0.0

SessionAuthenticityTokenProvider accepts only the CXF MessageContext, which is not
sufficient for validating data like temporary codes, etc.
For example, when the user is redirected to AuthorizationService to authorize a
grant request, the service will challenge the user with the authorization form;
at this point a custom SessionAuthenticityTokenProvider should be able to send a
temp code to the user's mobile/email, request the user to enter this code
into the form, and then validate it on the user confirmation.