Comment 28 for bug 1873290

Nick Tait (nickthetait) wrote : Re: OAuth1 request token authorize silently ignores roles parameter

I support Class A for this bug too. As far as the description, I don't have many specific improvements to suggest except the last sentence might be improved as "This results in a malicious user gaining more role assignments than the creator intended, such as admin access." Here are the parts that confuse me:

"Previously" was this recent or ancient news? Does it matter?
"ignored" by what component(s)?
Difficult to distinguish between the two (access vs keystone) tokens. Can this be simplified somehow?
"the creator" does this refer to the user, an administrator, keystone, or something else?