[mitreid-connect] protecting authorize endpoint
Zhanna Tsitkov
tsitkova at mit.edu
Thu Aug 20 09:45:19 EDT 2015
Hi,
According to the documentation for configure method of AuthorizationServerConfigurer interface
"
* The /oauth/authorize endpoint also needs to be secure, but that is a normal user-facing endpoint and should be
* secured the same way as the rest of your UI, so is not covered here. The default settings cover the most common
* requirements, following recommendations from the OAuth2 spec, so you don't need to do anything here to get a
* basic server up and running.
"
In MitreID Connect it looks like this EP is not explicitly protected. How it is done?
Thanks,
Zhanna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150820/3e2b8b22/attachment.html
More information about the mitreid-connect
mailing list