New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorization Endpoint : revisit `access_token` parameter in Authorization Request #911

Closed
yuriyz opened this Issue Sep 25, 2018 · 2 comments

Comments

Projects
None yet
1 participant
@yuriyz
Contributor

yuriyz commented Sep 25, 2018

We have access_token parameter in Authorization Request, we should carefully check why do we need it since it is not present in OAuth2 or Connect spec.

26.09.18 Mike: The RP should not be able to exchange an access token at the authorization endpoint.

@yuriyz yuriyz added this to the 3.1.5 milestone Sep 25, 2018

yuriyz added a commit that referenced this issue Dec 5, 2018

yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 5, 2018

oxtrust : added configuration property to disable/enable authorizatio…
…n by access_token at Authorization Endpoint (false by default).

GluuFederation/oxAuth#911

yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 5, 2018

oxtrust (4.0): added configuration property to disable/enable authori…
…zation by access_token at Authorization Endpoint (false by default).

GluuFederation/oxAuth#911

(cherry picked from commit 3c54329)
@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Dec 5, 2018

For 3.1.5 introduced allowAuthorizationByAccessToken configuration property which is false by default. In this way we are deprecating authorization by access_token at Authorization Endpoint.

@nynymike : in 4.0, I propose completely remove authorization by access_token from Authorization Request.

@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Dec 5, 2018

Scheduled ticket for removing in 4.0 here #957 .

@yuriyz yuriyz closed this Dec 5, 2018

yuriyz added a commit that referenced this issue Dec 6, 2018

yuriyz added a commit that referenced this issue Dec 6, 2018

#911 : disabled deprecated tests
#911

(cherry picked from commit bcc0b19)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment