Jason Klapste created CXF-5569:
----------------------------------

Summary: OAuth AbstractAuthFilter and query parameters used for signing
Key: CXF-5569
URL: https://issues.apache.org/jira/browse/CXF-5569
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 2.7.10
Reporter: Jason Klapste
Priority: Minor

In the AbstractAuthFilter the query (or body) parameters used for signing are only those included in ALLOWED_OAUTH_PARAMETERS. But if I'm reading the RFC correctly, it looks as though ALL parameters should be considered for signature generation.

To support both backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS to subclasses (either directly or via getter/setters) along with a flag that can be set to automatically include any and all parameters?
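
The following is an added example, not part of the issue report and not CXF code. It assumes the RFC referred to is RFC 5849 (OAuth 1.0) and builds the HMAC-SHA1 signature once over every request parameter and once over an allow-listed subset, to show what each signature does and does not cover. The allow-list contents, URI, parameters and secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Hypothetical allow-list standing in for a filter like ALLOWED_OAUTH_PARAMETERS
# (assumption: the standard OAuth 1.0 protocol names, not CXF's actual list).
ALLOWED = {"oauth_consumer_key", "oauth_token", "oauth_signature_method",
           "oauth_timestamp", "oauth_nonce", "oauth_version",
           "oauth_callback", "oauth_verifier"}

# Constructed sample request: protocol parameters plus two application parameters.
URI = "https://api.example.test/pay"
REQUEST = [("oauth_consumer_key", "ck-example"), ("oauth_nonce", "n1"),
           ("oauth_signature_method", "HMAC-SHA1"),
           ("oauth_timestamp", "1390000000"), ("oauth_version", "1.0"),
           ("account", "alice"), ("amount", "10")]
# Same request with one application parameter changed after signing.
MODIFIED = [(k, "9999" if k == "amount" else v) for k, v in REQUEST]

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(s, safe="-._~")

def base_string(method, base_uri, params):
    # RFC 5849 section 3.4.1: encode every name and value, sort, join with '&',
    # then encode the joined string again. oauth_signature itself is excluded.
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, base_uri, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret" (section 3.4.2).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, base_uri, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def allowed_only(params):
    # Drops every parameter that is not on the allow-list before signing.
    return [(k, v) for k, v in params if k in ALLOWED]

if __name__ == "__main__":
    for label, f in (("all parameters", list), ("allow-list only", allowed_only)):
        before = sign("POST", URI, f(REQUEST), "cs-example")
        after = sign("POST", URI, f(MODIFIED), "cs-example")
        print(f"{label:16} changed amount alters signature: {before != after}")
```

With the allow-list, a client that signs all parameters produces a signature the server cannot reproduce, and the application parameters are not bound to the signature at all.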