[
https://issues.apache.org/jira/browse/CXF-6572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723804#comment-14723804
]
Berto Murillo commented on CXF-6572:
------------------------------------
[~sergey_beryozkin]
> OAuth2 Hawk Scheme requests
> ---------------------------
>
> Key: CXF-6572
> URL: https://issues.apache.org/jira/browse/CXF-6572
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Reporter: Berto Murillo
> Labels: oauth2, security
>
> Hi,
> References: https://github.com/hueniverse/hawk
> Just a few general requests regarding the Hawk scheme.
> 1) It looks like the port being used in the Hawk digest is -1 if the port is
> unspecified. Is it possible to default to 80 for http and 443 for https
> instead of -1? For clients, I don't think -1 is a standard behavior outside
> of Java if a port isn't specified and it can be confusing.
> 2) It looks like per the Hawk website above, the header's normalization
> string should begin with "hawk.1.header".
> 3) It would be great if request payload validation could be added. It looks
> like that is currently a spot where "" is being added in its place. I want
> to ensure that the request itself wasn't changed outside of having to use
> HTTP. https://github.com/hueniverse/hawk#payload-validation
> Thanks!
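The three requests above, sketched from a client's point of view as an added example (not CXF code and not part of the original issue): the MAC input starts with `hawk.1.header`, an unspecified port falls back to the scheme default, and the payload hash replaces the empty string so a modified body fails verification. Field order follows the Hawk README linked in the issue; the function names, key, and request values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def effective_port(url):
    """Port used in the MAC input: explicit port, else the scheme default (never -1)."""
    parts = urlsplit(url)
    return parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]

def payload_hash(content_type, body):
    """SHA-256 over 'hawk.1.payload', the bare lowercase media type, and the body bytes."""
    media_type = content_type.split(";")[0].strip().lower()
    data = b"hawk.1.payload\n" + media_type.encode() + b"\n" + body + b"\n"
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def normalized_string(method, url, ts, nonce, hash_="", ext=""):
    """Newline-terminated fields that both sides feed to HMAC-SHA256."""
    parts = urlsplit(url)
    resource = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    fields = ["hawk.1.header", str(ts), nonce, method.upper(), resource,
              parts.hostname.lower(), str(effective_port(url)), hash_, ext]
    return "\n".join(fields) + "\n"

def hawk_mac(key, normalized):
    mac = hmac.new(key.encode(), normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify(key, received_mac, method, url, ts, nonce, content_type, body):
    """Server side: hash the bytes actually received, rebuild the string, compare MACs."""
    hash_ = payload_hash(content_type, body)
    expected = hawk_mac(key, normalized_string(method, url, ts, nonce, hash_))
    return hmac.compare_digest(expected, received_mac)

if __name__ == "__main__":
    key = "constructed-demo-key"                  # constructed sample credential
    url = "https://example.com/orders?id=1"       # no explicit port, so 443 is used
    body = b"qty=1"
    ns = normalized_string("POST", url, 1441000000, "n0nce1",
                           payload_hash("text/plain", body))
    mac = hawk_mac(key, ns)
    print(ns)
    print(verify(key, mac, "POST", url, 1441000000, "n0nce1", "text/plain", body))
    print(verify(key, mac, "POST", url, 1441000000, "n0nce1", "text/plain", b"qty=100"))
```

Because both sides resolve a missing port to the scheme default, `https://example.com/...` and `https://example.com:443/...` produce the same MAC, which is the interoperability point behind request 1.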