[ https://issues.apache.org/jira/browse/AMBER-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530773#comment-13530773 ]

Stein Welberg commented on AMBER-64:
------------------------------------

Antonio,

You have me a little confused indeed. I agree that if the client also uses this 
library we should remove the restriction to include only OAuth (authorization 
server) allowed query parameters. However, I do think that we at least should 
prevent the query parameters applier from adding parameters both to the fragment 
and the query string.

Still, it is a little confusing that the query parameter applier is used at both 
the OAuth client and Authorization server. It tries to serve two needs; however, 
it doesn't do both completely in my opinion. Maybe there should be some kind of 
specific applier for both the client and the authorization server with a common 
base which could be the current parameters applier. In my opinion Amber should 
assist other programmers in creating a compliant OAuth implementation.

What do you think?
                
> QueryParameterApplier needs to include the scope parameter in the fragment 
> ---------------------------------------------------------------------------
>
>                 Key: AMBER-64
>                 URL: https://issues.apache.org/jira/browse/AMBER-64
>             Project: Amber
>          Issue Type: Bug
>            Reporter: Stein Welberg
>            Assignee: Antonio Sanso
>         Attachments: AMBER-64_improved.patch
>
>
> According to the spec (see [0]) the scope parameter also needs to be included 
> in the URL fragment if it is provided.
> Please find the patch to fix this attached to this issue.
> [0] http://tools.ietf.org/html/rfc6749#section-4.2.2

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
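
The behaviour this thread asks for in the implicit grant (RFC 6749 section 4.2.2), shown as an added example that is not part of the original message or of Amber's code: response parameters, including `scope` when provided, go into the fragment only, and the redirect URI's query string is left as it was. `ImplicitRedirect` and `build` are hypothetical names, the sample values are constructed, and Java 10 or later is assumed for `URLEncoder.encode(String, Charset)`.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

// Hypothetical helper for illustration; not part of Amber's API.
public class ImplicitRedirect {

    // Appends the response parameters to the fragment only. The redirect URI,
    // including any query string it already carries, is left untouched.
    static String build(String redirectUri, Map<String, String> params) {
        URI base = URI.create(redirectUri);
        if (base.getRawFragment() != null) {
            // RFC 6749 section 3.1.2: the redirection URI must not include a fragment.
            throw new IllegalArgumentException("redirect URI already has a fragment");
        }
        StringJoiner fragment = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (e.getValue() == null) continue; // optional parameter not provided
            fragment.add(enc(e.getKey()) + "=" + enc(e.getValue()));
        }
        return redirectUri + "#" + fragment;
    }

    // application/x-www-form-urlencoded, the format section 4.2.2 specifies.
    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("access_token", "SAMPLE-TOKEN");
        params.put("token_type", "bearer");
        params.put("expires_in", "3600");
        params.put("scope", "read write");
        params.put("state", "xyz");

        String location = build("https://client.example/cb?tenant=a", params);
        System.out.println(location);

        // The query must be exactly what the client supplied; scope lives in the fragment.
        URI out = URI.create(location);
        if (!"tenant=a".equals(out.getRawQuery()) || !out.getRawFragment().contains("scope=read+write")) {
            throw new AssertionError("unexpected redirect layout: " + location);
        }
    }
}
```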
