[
https://issues.apache.org/jira/browse/CXF-8370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17233526#comment-17233526
]
Colm O hEigeartaigh commented on CXF-8370:
------------------------------------------
I think that code was added for the pre-authorization use-case. I'll try to
make it optional...
> org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService#startAuthorization(javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String>)
> shouldn't require an user
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-8370
> URL: https://issues.apache.org/jira/browse/CXF-8370
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.4.1
> Reporter: Romain Manni-Bucau
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.4.2
>
>
> Currently starting an authorization_code flow requires an UserContext because
> ofÂ
> org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService#getAndValidateSecurityContext
> but if it is required then you can never login (until you use 2 auth
> methods).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
