My organization is investigating implementing a "production-ready" version of Shindig's OAuth2 Consumer implementation. After reviewing the wiki at opensocial.org (in particular http://docs.opensocial.org/display/OSD/OAuth+2.0+Consumer+Implementation+in+ Apache+Shindig) and studying the code to Shindig's sample OAuth2 Consumer implementation, it appears that we need to implement our own version of the OAuth2PersistenceModule (e.g. use a database instead of oauth2.json).
Some of our remaining questions center around when/how some of the OAuth2 related data is persisted. Presumably, a gadget developer will declare what OAuth2 services they use in their gadget.xml like so: <OAuth2> <Service name="googleAPI_test" scope="https://www.google.com/m8/feeds/"> <Authorization url="https://accounts.google.com/o/oauth2/auth"></Authorization> <Token url="https://accounts.google.com/o/oauth2/token"></Token> </Service> </OAuth2> They will then invoke this service using gadgets.io.makeRequest(). Is the expectation that the Shindig container have this OAuth2 provider pre-configured before the gadget is rendered? Is it possible to register a provider (in this case Google) at runtime? Thanks Mike