Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization Endpoint : revisit access_token parameter in Authorization Request #911

Closed
yuriyz opened this issue Sep 25, 2018 · 2 comments
Closed

Authorization Endpoint : revisit access_token parameter in Authorization Request #911

yuriyz opened this issue Sep 25, 2018 · 2 comments
Assignees
@yuriyz
Labels
enhancement libs update, re-factroring, etc. high priority resolution must be prioritized
Milestone
3.1.5

Comments

@yuriyz
Copy link
Contributor

yuriyz commented Sep 25, 2018
edited
Loading

We have access_token parameter in Authorization Request, we should carefully check why do we need it since it is not present in OAuth2 or Connect spec.

oxAuth/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebService.java

Line 329 in 1b0404f

String accessToken,

26.09.18 Mike: The RP should not be able to exchange an access token at the authorization endpoint.
@yuriyz yuriyz added this to the 3.1.5 milestone Sep 25, 2018
@yuriyz yuriyz added enhancement libs update, re-factroring, etc. high priority resolution must be prioritized labels Sep 25, 2018
@yuriyz yuriyz mentioned this issue Sep 25, 2018
Closed
yuriyz added a commit that referenced this issue Dec 5, 2018
@yuriyz
#911 : deprecated authorization by access_token for Authorization End…
c3d0c4a 
…point

#911
yuriyz added a commit that referenced this issue Dec 5, 2018
@yuriyz
#911 (4.0): deprecated authorization by access_token for Authorizatio…
5c61653 
…n Endpoint

#911

(cherry picked from commit c3d0c4a)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 5, 2018
@yuriyz
oxtrust : added configuration property to disable/enable authorizatio…
3c54329 
…n by access_token at Authorization Endpoint (false by default).

GluuFederation/oxAuth#911
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 5, 2018
@yuriyz
oxtrust (4.0): added configuration property to disable/enable authori…
9683abf 
…zation by access_token at Authorization Endpoint (false by default).

GluuFederation/oxAuth#911

(cherry picked from commit 3c54329)
@yuriyz
Copy link
Contributor Author

yuriyz commented Dec 5, 2018
edited
Loading

For 3.1.5 introduced allowAuthorizationByAccessToken configuration property which is false by default. In this way we are deprecating authorization by access_token at Authorization Endpoint.

@nynymike : in 4.0, I propose completely remove authorization by access_token from Authorization Request.

@yuriyz yuriyz mentioned this issue Dec 5, 2018
Closed
@yuriyz
Copy link
Contributor Author

yuriyz commented Dec 5, 2018

Scheduled ticket for removing in 4.0 here #957 .

@yuriyz yuriyz closed this as completed Dec 5, 2018
yuriyz added a commit that referenced this issue Dec 6, 2018
@yuriyz
#911 : disabled deprecated tests
bcc0b19 
#911
yuriyz added a commit that referenced this issue Dec 6, 2018
@yuriyz
#911 : disabled deprecated tests
cd7ae5f 
#911

(cherry picked from commit bcc0b19)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuriyz yuriyz

Labels
enhancement libs update, re-factroring, etc. high priority resolution must be prioritized
Projects
None yet
Milestone
3.1.5
Development

No branches or pull requests
1 participant
@yuriyz