[ 
https://issues.apache.org/jira/browse/CXF-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergey Beryozkin resolved CXF-6027.
-----------------------------------
       Resolution: Fixed
    Fix Version/s: 3.1.0
                   3.0.2
         Assignee: Sergey Beryozkin

Thanks for the early test. The default mechanism is the most compact one but 
indeed more brittle compared to the approach where the bean is 
JSON-serialized first and then encrypted. That said, I might revisit it and 
introduce some compact key mechanism into the default model encryption.

> oauth2 client redirect uris are never valid
> -------------------------------------------
>
>                 Key: CXF-6027
>                 URL: https://issues.apache.org/jira/browse/CXF-6027
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.2
>            Reporter: Ricky Nguyen
>            Assignee: Sergey Beryozkin
>             Fix For: 3.0.2, 3.1.0
>
>
> Using the DefaultEncryptingOAuthDataProvider in 3.0.2-SNAPSHOT, I always get 
> an error about invalid redirect uris, despite setting the correct redirect 
> uri when registering the client and when making the authorize code grant 
> request.
> I stepped through the debugger and tracked it down to the tokenization of the 
> client in ModelEncryptionSupport. The redirect uris and registered scopes are 
> swapped when tokenizing/recreating the client object.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
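
The failure mode discussed in this thread, as an added example that is not part of the original message and is not CXF code: a positional token whose reader and writer disagree on field order silently swaps redirect URIs and scopes, while a keyed form does not depend on order. All class and method names are hypothetical, the sample client is constructed, placing the mismatch in the reader is an assumption, and the simple "|" and "," separators assume values that contain neither (Java 16+ for records).

```java
import java.util.*;
import java.util.function.Function;
// Hypothetical illustration only: none of these names come from CXF.
public class ClientTokenRoundTrip {
    record Client(String id, List<String> redirectUris, List<String> scopes) {}
    static List<String> list(String s) {
        return s.isEmpty() ? List.of() : List.of(s.split(","));
    }

    // Positional form: compact, but a slot's meaning exists only by convention.
    static String tokenize(Client c) {
        return String.join("|", c.id(),
                String.join(",", c.redirectUris()), String.join(",", c.scopes()));
    }

    // Reader that disagrees with the writer about slots 1 and 2 (assumed bug site).
    static Client recreateSwapped(String s) {
        String[] p = s.split("\\|", -1);
        return new Client(p[0], list(p[2]), list(p[1]));
    }

    // Keyed form: each value carries its name, so order no longer matters.
    static String tokenizeKeyed(Client c) {
        return "scope=" + String.join(",", c.scopes()) + "|id=" + c.id()
                + "|redirect=" + String.join(",", c.redirectUris());
    }

    static Client recreateKeyed(String s) {
        Map<String, String> m = new HashMap<>();
        for (String kv : s.split("\\|", -1)) {
            int i = kv.indexOf('=');
            m.put(kv.substring(0, i), kv.substring(i + 1));
        }
        return new Client(m.get("id"), list(m.get("redirect")), list(m.get("scope")));
    }

    // Round-trip check to run on the plaintext form, before encryption hides it.
    static boolean roundTrips(Client c, Function<Client, String> w, Function<String, Client> r) {
        return c.equals(r.apply(w.apply(c)));
    }

    public static void main(String[] args) {
        // Constructed sample client.
        Client c = new Client("client-1", List.of("https://app.example/cb"), List.of("read", "write"));
        System.out.println("redirect URIs after swap: " + recreateSwapped(tokenize(c)).redirectUris());
        System.out.println("positional round-trips: " + roundTrips(c, ClientTokenRoundTrip::tokenize, ClientTokenRoundTrip::recreateSwapped));
        System.out.println("keyed round-trips: " + roundTrips(c, ClientTokenRoundTrip::tokenizeKeyed, ClientTokenRoundTrip::recreateKeyed));
    }
}
```

A round-trip equality test of this kind, run over every persisted model class, catches field-order drift before it surfaces as a redirect URI validation failure.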
