spring-security-oauth

Resolved issue #293 related to client_secret being passed in POST

Open dbuchwald opened this issue 3 years ago • 2 comments

As described in issue #293, the current setup is not correct - the client secret should never be passed to the user's browser or mobile app. This is the simplest solution, based on disabling the requirement for client authentication when obtaining a token.

dbuchwald avatar Mar 27 '22 19:03 dbuchwald

@dbuchwald this seems like a long-lived branch. Please advise on its status. Thanks :)

ukhan1980 avatar Aug 07 '22 12:08 ukhan1980

Well, it was a simple change, and it was to be investigated by admins, but I have never received any feedback, so I can’t really say whether any decision regarding the PR has been made.


dbuchwald avatar Aug 07 '22 12:08 dbuchwald

Sorry for the delay @dbuchwald

Thanks for the correction - I've merged the PR now.

lor6 avatar Sep 15 '22 14:09 lor6