qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-8172) [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
Date Wed, 02 May 2018 23:24:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16461725#comment-16461725
] 

ASF subversion and git services commented on QPID-8172:
-------------------------------------------------------

Commit d2589bf40a1bf352ddced315a4fd93c3560c0396 in qpid-broker-j's branch refs/heads/master
from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=d2589bf ]

QPID-8172: [Broker-J] Fix failing test


> [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
> -------------------------------------------------------------------------------------
>
>                 Key: QPID-8172
>                 URL: https://issues.apache.org/jira/browse/QPID-8172
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3
>            Reporter: Alex Rudyy
>            Assignee: Keith Wall
>            Priority: Major
>
> The current implementation of OAuth2 authentication provider requires specifying "client
secret". However, the client secret can be an empty string and can even be omitted in the
request if it is empty. As per [RFC6749|https://tools.ietf.org/html/rfc6749], section "2.3.1.
 Client Password":
> {quote}
> client_secret
>          REQUIRED.  The client secret.  The client MAY omit the
>          parameter if the client secret is an empty string.
> {quote}
> Thus, OAuth2 authentication provider should not mandate setting of client secret.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message