[
https://issues.apache.org/jira/browse/CXF-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14727097#comment-14727097
]
Sergey Beryozkin edited comment on CXF-6573 at 9/2/15 1:39 PM:
---------------------------------------------------------------
Hmm, I actually did not document that OAuthJsonProvider is supposed to be used,
will do asap.
Usually I refer users to a demo which is linked to a Google page after a "CXF
OAuth2" search.
I'm not sure about letting 3rd party JSON providers write the response. Let me
ask, how does Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response
(add a single entry into this Map if it ignores the empty Map) ? The reason I
ask is that the entries in Map 'parameters' have to be siblings of the main
token properties, the actual 'parameters' key can not be introduced. If Jackson
can be controlled to block a 'parameters' key while outputting the actual Map
entries then we can consider adding Jaxb annotations to have it working with a
JacksonJaxb provider.
Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets
it to -1 by default but I guess it is fine to initialize it to 0 by default in
case of 'never expires'.
was (Author: sergey_beryozkin):
Hmm, I actually did not document that OAuthJsonProvider is supposed to be used,
will do asap.
Usually I refer users to a demo which is linked to a Google page after a "CXF
OAuth2" search.
I'm not sure about letting 3rd party JSON providers write the response. Let me
ask, how does Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response
(add a single entry into this Map if it ignores the empty Map) ? The reason I
ask is that the entries in Map 'parameters' have to be siblings of the main
token properties, the actual 'parameters' key can not be introduced. If Jackson
can be controlled to block a 'parameters' key while outputting the actual Map
entries then we can consider adding Jaxb annotations to have it working with a
JacksonJaxb provider.
Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets
it to -1 by default but I guess it is fine to initialize it to 0 by default in
case of 'never expires'.
Hmm... Actually, AccessToken also has an issuedAt property which can optionally
be reported but is otherwise a non-standard property that should not go out by
default...
> AccessToken doesn't serialize with snake-case
> ---------------------------------------------
>
> Key: CXF-6573
> URL: https://issues.apache.org/jira/browse/CXF-6573
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 3.1.2
> Reporter: Karl von Randow
> Priority: Minor
>
> The org.apache.cxf.rs.security.oauth2.common.AccessToken class doesn't
> declare and JAXB (or other) annotations to influence how it is serialized. So
> it uses the default serialization style of the JAXB context.
> In my case this is camel case.
> This means that the AccessToken response from the AccessTokenService uses
> camel case. The OAuth docs _appear_ (I'm not a scholar of them) to indicate
> that it should be snake case.
> Is that true? Is this a thing? Would it be something you'd consider, adding
> `@XmlElement(name = "token_key")` annotations? That would be a breaking
> change for existing users...
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
