Announcement Announcement Module
Collapse
No announcement yet.
combining OAuth1 and OAuth2 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • combining OAuth1 and OAuth2

    Hi,

    It looks like recent changes in OAuth2AuthenticationProcessingFilter make it fail on Authorization:-headers that are not OAuth2 ones:
    Code:
    Caused by: org.springframework.security.authentication.BadCredentialsException: Missing token
    	at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:87)
    In previous versions (before this commit, when this filter was still called OAuth2ProtectedResourceFilter) it silently continued (according to the source, not tested myself), which would let me combine OAuth1 and OAuth2 filters in one chain.

    Could this be a regression of SECOAUTH-42?

  • #2
    I guess you could loosely associate it with SECOAUTH-42 but that is really old, so I don't want to re-open it or call this a regression really. And do you really want OAuth2 and OAuth1 for the same resources? The filter is so much nicer than it was in so many other ways, and SECOAUTH-236 has shown lots of ways that this is difficult in general, so I don't want to go back to the old one. Can you suggest what would work better (e.g. via a pull request)?

    Comment

    Working...
    X