  1. CXF
  2. CXF-6572

OAuth2 Hawk Scheme requests

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Incomplete
    • None
    • None
    • JAX-RS Security
    • Unknown

    Description

      Hi,

      References: https://github.com/hueniverse/hawk

      Just a few general requests regarding the Hawk scheme.

      1) It looks like the port being used in the Hawk digest is -1 if the port is unspecified. Is it possible to default to 80 for http and 443 for https instead of -1? For clients, I don't think -1 is a standard behavior outside of Java if a port isn't specified and it can be confusing.

      2) It looks like per the Hawk website above, the header's normalization string should begin with "hawk.1.header".

      3) It would be great if request payload validation could be added. It looks like that is currently a spot where "" is being added in its place. I want to ensure that the request itself wasn't modified mid-request if using HTTP and not HTTPS. https://github.com/hueniverse/hawk#payload-validation

      Thanks!
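
      The three requests above, sketched as an added example (not code from CXF or from the Hawk project): the port falls back to the scheme default, the MAC input begins with "hawk.1.header", and the payload hash is bound into the MAC. Field order follows the Hawk README linked in the report; the function names, key, nonce and URLs are constructed for illustration.

```javascript
// Added example: Hawk "header" MAC input with scheme-default port and payload hash.
// All names and sample values are constructed; this is not CXF's or Hawk's own code.
const crypto = require('crypto');

const DEFAULT_PORTS = { 'http:': 80, 'https:': 443 };

// Item 1: never sign -1 or an empty port; fall back to the scheme default.
function effectivePort(url) {
  if (url.port !== '') return Number(url.port);
  const port = DEFAULT_PORTS[url.protocol];
  if (port === undefined) throw new Error('no default port for ' + url.protocol);
  return port;
}

// Item 3: hash over "hawk.1.payload", the bare content type and the body.
function payloadHash(contentType, body) {
  const type = contentType.split(';')[0].trim().toLowerCase();
  return crypto.createHash('sha256')
    .update('hawk.1.payload\n' + type + '\n')
    .update(body)
    .update('\n')
    .digest('base64');
}

// Item 2: the normalized string starts with "hawk.1.header".
function normalizedString({ ts, nonce, method, uri, hash = '', ext = '' }) {
  const url = new URL(uri);
  return ['hawk.1.header', ts, nonce, method.toUpperCase(),
    url.pathname + url.search, url.hostname.toLowerCase(),
    effectivePort(url), hash, ext].join('\n') + '\n';
}

function mac(key, req) {
  return crypto.createHmac('sha256', key).update(normalizedString(req)).digest('base64');
}

// Server side: recompute the payload hash from the body actually received, then
// compare MACs in constant time. A body altered in transit changes the hash and the MAC.
function verify(key, req, contentType, body, presentedMac) {
  const hash = payloadHash(contentType, body);
  const expected = Buffer.from(mac(key, { ...req, hash }), 'base64');
  const given = Buffer.from(presentedMac, 'base64');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

      Both sides must derive the same port, so a client that signs 443 for an https URL without an explicit port only verifies against a server that applies the same default.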

          People

            Assignee: Unassigned
            Reporter: Berto Murillo (mstberto)