I also tried with a Javascript client now that I made work with CXF 2.6.1 earlier. It gives an error on the server side saying "No message body writer has been found for response class OOBAuthorizationResponse".
Sergey, I remember you'd mentioned that in 2.6.1 the OOB support was removed but was added again in 2.6.2. I'm not sure why I'm getting this error in the Javascript client though. In the Java client, for a similar /authorize/decision URL, I'm getting another value of the session authenticity token. Not sure why the server side is behaving differently for 2 clients with the same value of consumer key/ secret/ call-back URL. In the Java client, I get a response similar to the one that I got for the /authorize call which includes an authenticity token, and in the Javascript client I get this error about the OOBAuthorizationResponse class. -- View this message in context: http://cxf.547215.n5.nabble.com/OAuth-1-0-in-CXF-2-6-2-tp5713150p5713190.html Sent from the cxf-user mailing list archive at Nabble.com.
