Remove client secret field from metatoken #318

Merged
merged 6 commits into from
Aug 29, 2018

@dennyverbeeck dennyverbeeck commented Aug 29, 2018

  • No longer include client secret in the /api/meta-token response
  • Make client secrets empty for public OAuth clients
  • Update documentation
  • Add an ExceptionTranslator for Spring Security OAuth's NoSuchClientException: trying to initiate an OAuth flow with a non-existing client would result in an Internal Server Error response, now it is translated to a Bad Request response

Closes #317

Reflect the QR code contents: only a URL
```
POST MyId:MySecret /oauth/token
POST /oauth/token
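Review bot: the `POST /oauth/token` line in this code block no longer shows any client identification, so the block read on its own suggests an unauthenticated token request. Since the client ID is still sent via HTTP basic authentication with an empty password, consider showing that inside the block as well, for example as an `Authorization: Basic` header line under the request line, so the example stays self-contained for readers who skip the paragraph above it.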

@blootsvoets blootsvoets Aug 29, 2018

Doesn't this need to include the client ID as a username, i.e. MyId@/oauth/token?

Contributor Author

Indeed, I have specified it in the paragraph above this line. I thought it was more clear to explicitly state the use of HTTP basic authentication with client id as username and empty password, than the MyId@ notation.

Contributor

Ah ok, I missed that.

@blootsvoets blootsvoets merged commit 2ddb145 into release-0.5.0 Aug 29, 2018
@blootsvoets blootsvoets deleted the remove_client_secret_field_from_metatoken branch August 29, 2018 11:22