Hi all,

I registered a service provider in IS 5.0 as the admin user, and configured
OAuth.

Using the following curl command, I obtained the access token:

curl -k -d "grant_type=password&username=admin&password=admin" \
  -H "Authorization: Basic Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh, Content-Type: application/x-www-form-urlencoded" \
  https://localhost:9445/oauth2/token

{"token_type":"bearer","expires_in":3299,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}

Thereafter I issued the same command with the Authorization header value
modified. (Appended 123)

curl -k -d "grant_type=password&username=admin&password=admin" \
  -H "Authorization: Basic Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh123, Content-Type: application/x-www-form-urlencoded" \
  https://localhost:9445/oauth2/token

But still the access token was returned without an issue:

{"token_type":"bearer","expires_in":2031,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}

Shouldn't this validate the Authorization header value and throw an
exception?

Thanks,
Sajith

-- 
Sajith Kariyawasam
Committer and PMC member, Apache Stratos,
WSO2 Inc.; http://wso2.com
Mobile: 0772269575
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
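
The check the question asks for, as an added example (not part of the original post and not WSO2 Identity Server code): a strict parser for the Basic client credential that rejects malformed or non-canonical Base64 before comparing the secret in constant time. The function names, the InvalidClient exception and the `registered` client store are assumptions for illustration; the two Base64 values are the ones from the curl commands above.

```python
import base64
import binascii
import hmac

# Credential values from the two curl commands above; the second has "123" appended.
ORIGINAL = "Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh"
MODIFIED = ORIGINAL + "123"


class InvalidClient(Exception):
    """Hypothetical error type; maps to the OAuth2 `invalid_client` response."""


def parse_basic(header: str) -> tuple[str, str]:
    """Strictly parse 'Basic <base64(client_id:client_secret)>'."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise InvalidClient("not a Basic credential")
    try:
        # validate=True rejects characters outside the alphabet and bad padding
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise InvalidClient(f"malformed Base64: {exc}") from None
    # Re-encoding must reproduce the input, otherwise the encoding is not canonical.
    if base64.b64encode(raw).decode("ascii") != token:
        raise InvalidClient("non-canonical Base64")
    try:
        client_id, sep, secret = raw.decode("utf-8").partition(":")
    except UnicodeDecodeError:
        raise InvalidClient("credential is not UTF-8") from None
    if not sep or not client_id:
        raise InvalidClient("missing client_id or ':' separator")
    return client_id, secret


def authenticate_client(header: str, registered: dict[str, str]) -> str:
    """Return the client_id if the header matches a registered client."""
    client_id, secret = parse_basic(header)
    expected = registered.get(client_id, "")
    # Constant-time comparison; unknown clients fail the same way as wrong secrets.
    if not expected or not hmac.compare_digest(secret.encode(), expected.encode()):
        raise InvalidClient("unknown client or wrong secret")
    return client_id
```

With this parser, the unmodified value authenticates, while the value with 123 appended is rejected before any secret comparison takes place.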