Issue Type: Bug
Affects Versions: 0.2.1
Assignee: Ivo Ladage - van Doorn
Components: OAuth client
Created: 22/May/12 11:43 AM
Description:

The nonce validator of the Amdatu OAuth server contains a design flaw. To verify whether a nonce has already been used, it tries to persist the nonce for the 'now' timestamp. If the nonce store already contains a nonce for this timestamp, validation fails. This is not what it should do; there are two issues:

  • Calling validate on the same request twice should have the same result.
  • The nonce should be associated with the timestamp of the request, not with the 'now' timestamp.
Fix Versions: 0.2.2
Project: Amdatu Auth
Priority: Major
Reporter: Ivo Ladage - van Doorn
Security Level: Public (Issues without restricted access)
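
The two points in the description, as an added Python sketch that is not Amdatu's code or its actual fix: `FlawedNonceValidator` is a simplified model of the reported behaviour, and `NonceValidator` is one possible design that keeps validation free of writes and keys stored nonces on the request timestamp. The class names, the `record()` step, the `consumer_key` field and the 300-second window are assumptions.

```python
import time

class FlawedNonceValidator:
    """Simplified model of the reported behaviour (not Amdatu's code)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._store = {}  # nonce -> server 'now' at validation time

    def validate(self, nonce, request_ts):
        if nonce in self._store:
            return False
        # Side effect inside validation; request_ts is ignored.
        self._store[nonce] = int(self._clock())
        return True

class NonceValidator:
    """Read-only validate(); record() persists under the request timestamp."""
    def __init__(self, max_skew=300, clock=time.time):  # max_skew: assumed window (s)
        self._max_skew = max_skew
        self._clock = clock
        self._seen = set()  # (consumer_key, nonce, request_ts)

    def _fresh(self, request_ts):
        return abs(int(self._clock()) - request_ts) <= self._max_skew

    def validate(self, consumer_key, nonce, request_ts):
        # No writes here, so repeated calls on one request agree.
        return self._fresh(request_ts) and (consumer_key, nonce, request_ts) not in self._seen

    def record(self, consumer_key, nonce, request_ts):
        # Entries outside the window are rejected by _fresh() anyway, so prune them.
        self._seen = {e for e in self._seen if self._fresh(e[2])}
        key = (consumer_key, nonce, request_ts)
        if key in self._seen or not self._fresh(request_ts):
            return False  # already recorded (e.g. a replay), or stale
        self._seen.add(key)
        return True

def demo():
    clock = lambda: 1_000_000  # constructed fixed server time
    req = ("consumer-a", "n-123", 999_990)  # constructed request values
    flawed, fixed = FlawedNonceValidator(clock), NonceValidator(clock=clock)
    flawed_twice = [flawed.validate(req[1], req[2]) for _ in range(2)]
    fixed_twice = [fixed.validate(*req) for _ in range(2)]
    recorded = fixed.record(*req)
    replay_ok = fixed.validate(*req)
    return flawed_twice, fixed_twice, recorded, replay_ok

if __name__ == "__main__":
    print(demo())
```

Because stored entries carry the request timestamp, anything older than the accepted window can be pruned without reopening a replay gap: a replay of such a request is already rejected by the timestamp check.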