-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization Endpoint : revisit access_token
parameter in Authorization Request
#911
Labels
Milestone
Comments
yuriyz
added
enhancement
libs update, re-factroring, etc.
high priority
resolution must be prioritized
labels
Sep 25, 2018
yuriyz
added a commit
that referenced
this issue
Dec 5, 2018
yuriyz
added a commit
to GluuFederation/oxTrust
that referenced
this issue
Dec 5, 2018
…n by access_token at Authorization Endpoint (false by default). GluuFederation/oxAuth#911
yuriyz
added a commit
to GluuFederation/oxTrust
that referenced
this issue
Dec 5, 2018
…zation by access_token at Authorization Endpoint (false by default). GluuFederation/oxAuth#911 (cherry picked from commit 3c54329)
For 3.1.5 introduced @nynymike : in 4.0, I propose completely remove authorization by |
Scheduled ticket for removing in 4.0 here #957 . |
yuriyz
added a commit
that referenced
this issue
Dec 6, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
We have
access_token
parameter in Authorization Request, we should carefully check why do we need it since it is not present in OAuth2 or Connect spec.oxAuth/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebService.java
Line 329 in 1b0404f
26.09.18 Mike: The RP should not be able to exchange an access token at the authorization endpoint.
The text was updated successfully, but these errors were encountered: