Sergey Beryozkin created CXF-5764:
-------------------------------------
Summary: AccessTokenService should allow the client authentication
with a client id only
Key: CXF-5764
URL: https://issues.apache.org/jira/browse/CXF-5764
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Reporter: Sergey Beryozkin
Priority: Minor
In some cases we may have a client_id parameter available, but no
client_secret, the latter may be encrypted in client_id or some other parameter
such as an assertion may securely identify a client.
At the moment if AccessTokenService sees a client_id parameter it will enforce
the presence of client_secret for the confidential clients which may block the
valid clients.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
