I didn¹t notice that the request coming into addOAuth2Authentication wasn¹t a HttpServletRequest but instead a org.apache.shindig.gadgets.http.HttpRequest with a securityToken accessor. Great!
One more question if I might... What is the best way to add another authentication handler? Right now I¹m overriding OAuth2HandlerModule and replacing the guice configuration with mine. Then in provideClientAuthenticationHandlers I add my instance to the ImmutableList. Is this correct or is there a way to do this without overriding OAuth2HandlerModule? Also, there is a typo in the ClientAuthenticationHandler (it has geClientAuthenticationType, instead of get). That means my implementation also has to use the incorrect spelling. Thanks, doug On 12/5/11 3:21 PM, "daviesd" <[email protected]> wrote: > Ah, now I see that the accessor clientAuthenticationType is the thing that > dictates which one is called. Makes sense. > > So it looks like this is what I want for my requirements. The only > outstanding question then is if I can access the security token. Not seeing a > readily available way of doing this. > > Thanks, > doug > > > On 12/5/11 2:29 PM, "daviesd" <[email protected]> wrote: > >> According to this >> >> http://docs.opensocial.org/display/OSD/Client+Authentication >> >> If I want to add additional request header values to the ³authorization code >> request² I would need to add another client authentication handler. Am I >> understanding this correctly? Do all the handlers get called, so for example >> there would be StandardAuthorization and BasicAuthorization data as well as >> whatever I add? >> >> Also, inside of these handlers do I have access to the request security >> token? I need to pull the value I am passing along from there. >> >> Any help or ideas are appreciated. >> >> Doug
