Spring Security OAuth
  1. Spring Security OAuth
  2. SECOAUTH-122

Client secret is not stored in unconfirmed authorization code

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: 1.0.0.M3
    • Fix Version/s: 1.0.0.M4
    • Component/s: OAuth 2
    • Labels:
      None

      Description

      Client secret is not stored in unconfirmed authorization code. The net effect is that tonr/sparklr doesn't work if there is a client secret.

        Activity

        Hide
        Dave Syer added a comment -

        I think this is now fixed properly. It works, anyway.

        Show
        Dave Syer added a comment - I think this is now fixed properly. It works, anyway.
        Hide
        Dave Syer added a comment -

        Re-opened because the spec actually doesn't require the client secret to be sent in the authorization request.

        Show
        Dave Syer added a comment - Re-opened because the spec actually doesn't require the client secret to be sent in the authorization request.
        Hide
        Dave Syer added a comment -

        Fixed (again). The client now sends client_id in auth request and client_id:client_secret in token request.

        Show
        Dave Syer added a comment - Fixed (again). The client now sends client_id in auth request and client_id:client_secret in token request.
        Hide
        Ryan Heaton added a comment -

        Closed with 1.0.0.M4.

        Show
        Ryan Heaton added a comment - Closed with 1.0.0.M4.

          People

          • Assignee:
            Dave Syer
            Reporter:
            Dave Syer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: