Details
-
Feature Request
-
Status: Closed
-
Major
-
Resolution: Done
-
1.4.0.Final
-
None
Description
The specs is here http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param . We may need to add support for 2.2 and 2.3 .
It might be useful for the scenarios like websockets, as javascript WebSockets doesn't seem to have a way to attach "Authorization: Bearer" header - http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api .
Not sure if it should be enabled by default or just on demand (There are some security implications for sending token in query param. See the specs). Maybe we can support authentication through token in query parameter just for HTTP Upgrade requests.
Attachments
Issue Links
- incorporates
-
RHSSO-466 Adapters: support for authentication with bearer token sent in query param (or POST body)
-
- Closed
-