Hi Sajith,

Yes, I could also observe the same behavior.
We do validate the authorization header before issuing the token; this request
fails if you insert 123 in the middle and gives a "Client Authentication
failed." error.
I doubt whether there is a cut off done by length. Have to investigate
further.

Thanks,
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka


On Thu, Jul 16, 2015 at 1:32 PM, Sajith Kariyawasam <saj...@wso2.com> wrote:

> Hi all,
>
> I registered a service provider in IS 5.0 from admin user, and configured
> OAuth.
>
> Using the following curl command, I obtained the access token:
> curl -k -d "grant_type=password&username=admin&password=admin" -H
> "Authorization: Basic
> Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh,
> Content-Type: application/x-www-form-urlencoded"
> https://localhost:9445/oauth2/token
>
> {"token_type":"bearer","expires_in":3299,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}
>
> Thereafter I issued the same command with the Authorization header value
> modified. (Appended 123)
>
> curl -k -d "grant_type=password&username=admin&password=admin" -H
> "Authorization: Basic
> Z3hqMUs3MGxmU0lweEc0M2xhMnplbUZ4ZGtVYTpDVWhsUXl5NTJsbTYwVFlQUndlUzRYUVlGWHdh123,
> Content-Type: application/x-www-form-urlencoded"
> https://localhost:9445/oauth2/token
>
> But still the access token was returned without an issue.
>
> {"token_type":"bearer","expires_in":2031,"refresh_token":"ec7fe1ba34d96255b9a4c2d68f25a728","access_token":"bdc812ca2cb1a554e911a5c7bb1930"}
>
> Shouldn't this validate the Authorization header value and throw an
> exception?
>
> Thanks,
> Sajith
>
> --
> Sajith Kariyawasam
> Committer and PMC member, Apache Stratos,
> WSO2 Inc.; http://wso2.com
> Mobile: 0772269575
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
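
An added example, not part of the original thread and not WSO2 code: one way the behaviour reported above can arise, next to a strict parser that rejects it. It assumes, which the thread does not establish, a decoder that silently drops a trailing partial base64 group; the credentials and function names are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample client credentials, not the values from the thread.
CLIENT_ID = "sampleClientId"
CLIENT_SECRET = "sampleClientSecret"
GOOD = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()


def lenient_decode(token: str) -> bytes:
    """Hypothetical lenient decoder: drops a trailing partial 4-char group."""
    usable = len(token) - (len(token) % 4)
    return base64.b64decode(token[:usable])


def strict_decode(token: str) -> bytes:
    """Accept only canonical base64: valid alphabet, exact round trip."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed Basic credential") from exc
    if base64.b64encode(raw).decode() != token:
        raise ValueError("non-canonical Basic credential")
    return raw


def authenticate(header: str, decode) -> bool:
    """Check an Authorization header value against the registered client."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        client_id, sep, secret = decode(token).decode("utf-8").partition(":")
    except ValueError:  # binascii.Error and UnicodeDecodeError are subclasses
        return False
    if not sep:
        return False
    # Constant-time comparison of both parts of the credential.
    id_ok = hmac.compare_digest(client_id.encode(), CLIENT_ID.encode())
    secret_ok = hmac.compare_digest(secret.encode(), CLIENT_SECRET.encode())
    return id_ok and secret_ok
```

With the lenient decoder, the credential with `123` appended still authenticates while `123` inserted in the middle fails, matching what both posters observed; the strict decoder rejects both modified values.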