[
https://issues.apache.org/jira/browse/OLTU-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stein Welberg resolved OLTU-16.
-------------------------------
Resolution: Fixed
In the end it didn't seem possible (with the current setup of the validators)
to do everything (authenticated and unauthenticated requests) in one class. So
another class is introduced which enables you to also accept unauthenticated
token requests. This class carries a different name
(UnauthenticatedTokenRequest) because we believe that by default you should
enable client authentication!
See OLTU-5 for more discussion.
> RefreshTokenValidator needs to be updated to the latest spec
> ------------------------------------------------------------
>
> Key: OLTU-16
> URL: https://issues.apache.org/jira/browse/OLTU-16
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-authzserver
> Reporter: Stein Welberg
> Assignee: Stein Welberg
>
> Actually this issue is the same as AMBER-49. The refresh token validator
> cannot handle when the client_id and client_secret are presented in the
> Authorization header.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
