[NXP-26431] OAuth 2.0: Token Request fails for alternate client authentication (RFC Section 4.1.3) - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 10.3
Fix Version/s: 10.10
Component/s: OAuth

Tags:
- nxPresales
- nxfit
Backlog priority:
700
Sprint:
nxfit 10.10.4, nxfit 10.10.5
Story Points:
3

Description

According to the OAuth 2.0 Section 4.1.3, the client_id is 'required' for Access Token Requests when alternate forms of authentication are not provided. Nuxeo should also check the Authorization header for the client and secret information.

Reference:
https://tools.ietf.org/html/rfc6749#section-4.1.3

Alternate authentication:
https://tools.ietf.org/html/rfc6749#section-3.2.1

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

NXP-26431.patch
3 kB
2018-12-07 19:12

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Damon Brown

Participants:

Anahide Tchertchian, Antoine Taillefer, Damon Brown

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2018-12-07 19:10

Updated:

2019-01-16 15:16

Resolved:

2019-01-08 14:21

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1d 1h