From Ravi Nori <rnori(a)redhat.com>:
Ravi Nori has submitted this change and it was merged.
Change subject: aaa: Token validation does not need client and secret
......................................................................
aaa: Token validation does not need client and secret
Token validation should not check for client
id and client secret. Token validation can be
performed by sending request to sso/oauth/token-info
endpoint by sending the token and the scope
ovirt-ext=token-info:validate with proper
accept header of application/json.
An empty json response indicates the session
is alive and a json response with error_code
of invalid_grant indicates that the session
has expired.
Change-Id: If8f64e2e182ac9baf66cdb8d70946719d71f4da9
Bug-Url:
https://bugzilla.redhat.com/1416491
Signed-off-by: Ravi Nori <rnori(a)redhat.com>
---
M
backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/OAuthTokenInfoServlet.java
1 file changed, 24 insertions(+), 19 deletions(-)
Approvals:
Martin Peřina: Looks good to me, approved
Ravi Nori: Verified
Jenkins CI: Passed CI tests
--
To view, visit
https://gerrit.ovirt.org/74532
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If8f64e2e182ac9baf66cdb8d70946719d71f4da9
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rnori(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Martin Peřina <mperina(a)redhat.com>
Gerrit-Reviewer: Ravi Nori <rnori(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>