qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-8172) [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
Date Wed, 02 May 2018 13:30:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16461028#comment-16461028
] 

ASF subversion and git services commented on QPID-8172:
-------------------------------------------------------

Commit 39bfa6a0c054bb746b0ea45402e8d8a2707895a1 in qpid-broker-j's branch refs/heads/master
from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=39bfa6a ]

QPID-8172: [Broker-J] OAuth2 authentication provider should not mandate setting of client
secret


> [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
> -------------------------------------------------------------------------------------
>
>                 Key: QPID-8172
>                 URL: https://issues.apache.org/jira/browse/QPID-8172
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3
>            Reporter: Alex Rudyy
>            Priority: Major
>
> The current implementation of OAuth2 authentication provider requires specifying "client
secret". However, the client secret can be an empty string and can even be omitted in the
request if it is empty. As per [RFC6749|https://tools.ietf.org/html/rfc6749], section "2.3.1.
 Client Password":
> {quote}
> client_secret
>          REQUIRED.  The client secret.  The client MAY omit the
>          parameter if the client secret is an empty string.
> {quote}
> Thus, OAuth2 authentication provider should not mandate setting of client secret.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message