qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-8172) [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
Date Mon, 14 May 2018 15:21:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-8172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16474349#comment-16474349
] 

ASF subversion and git services commented on QPID-8172:
-------------------------------------------------------

Commit 11aa5827ddcdee9f621714e097ecab4c6d24f39a in qpid-broker-j's branch refs/heads/master
from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=11aa582 ]

QPID-8172: [Broker-J] Address review comments from Keith Wall


> [Broker-J] OAuth2 authentication provider should not mandate setting of client secret
> -------------------------------------------------------------------------------------
>
>                 Key: QPID-8172
>                 URL: https://issues.apache.org/jira/browse/QPID-8172
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-6.1.6, qpid-java-broker-7.0.3
>            Reporter: Alex Rudyy
>            Assignee: Keith Wall
>            Priority: Major
>
> The current implementation of OAuth2 authentication provider requires specifying "client
secret". However, the client secret can be an empty string and can even be omitted in the
request if it is empty. As per [RFC6749|https://tools.ietf.org/html/rfc6749], section "2.3.1.
 Client Password":
> {quote}
> client_secret
>          REQUIRED.  The client secret.  The client MAY omit the
>          parameter if the client secret is an empty string.
> {quote}
> Thus, OAuth2 authentication provider should not mandate setting of client secret.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message