Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-26431

OAuth 2.0: Token Request fails for alternate client authentication (RFC Section 4.1.3)

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.3
    • Fix Version/s: 10.10
    • Component/s: OAuth
    • Backlog priority:
      700
    • Sprint:
      nxfit 10.10.4, nxfit 10.10.5
    • Story Points:
      3

      Description

      According to the OAuth 2.0 Section 4.1.3, the client_id is 'required' for Access Token Requests when alternate forms of authentication are not provided. Nuxeo should also check the Authorization header for the client and secret information.

      Reference:
      https://tools.ietf.org/html/rfc6749#section-4.1.3

      Alternate authentication:
      https://tools.ietf.org/html/rfc6749#section-3.2.1

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 1 hour
                1d 1h

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.