[jira] [Resolved] (CXF-5764) AccessTokenService should allow the client authentication with a client id only

Sergey Beryozkin (JIRA) Wed, 04 Jun 2014 06:22:38 -0700

     [ 
https://issues.apache.org/jira/browse/CXF-5764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergey Beryozkin resolved CXF-5764.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.1
         Assignee: Sergey Beryozkin

> AccessTokenService should allow the client authentication with a client id 
> only
> -------------------------------------------------------------------------------
>
>                 Key: CXF-5764
>                 URL: https://issues.apache.org/jira/browse/CXF-5764
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 3.0.1
>
>
> In some cases we may have a client_id parameter available, but no 
> client_secret, the latter may be encrypted in client_id or some other 
> parameter such as an assertion may securely identify a client.
> At the moment if AccessTokenService sees a client_id parameter it will 
> enforce the presence of client_secret for the confidential clients which may 
> block the valid clients.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Resolved] (CXF-5764) AccessTokenService should allow the client authentication with a client id only

Reply via email to