Hi Li. Doug and I work at the same organization.
We have an application where users authenticate and are associated with an organization. There is contextual data that our application puts in Shindig's SecurityToken via it's trustedJson field. One of these fields is an identifier for the user's organization. Our identity management team is developing an OAuth2 authorization server and are requesting that we pass some of this contextual data to the authorization server when Shindig makes the request to the authorization url for an authorization grant. Their request seems reasonable as section 8.2 of the OAuth2 spec suggests that additional vendor-specific parameters can be passed to the authorization url. This patch would allow parameters to be appended to the authorization grant request by passing them on the query string. Maybe there's a better way for the Shindig container to communicate additional parameters at runtime on a authorization request? Thanks Mike On 12/7/11 4:57 PM, "Li Xu" <leeg...@gmail.com> wrote: > Doug, > Thanks for submit the review request. > Would you please elaborate your usecase why you need to pass additional > parameter to authorization url? would like to understand how common is the > usecase. > thanks, > li
