I agree with Li's suggested approach. Making the request parameters available on the OAuth2Accessor means they'll be generally available to all the different handlers/phases of the OAuth2 flow. Plus it doesn't require signature changes on the handler interfaces, which is nice.
On Thu, Dec 8, 2011 at 2:24 PM, Li Xu <[email protected]> wrote: > Hi, Mike > > Thanks for the usecase. It makes sense to me and it could be quite common > to have vendor specific extension parameters. Just think we may need a > generic way to support that for both authorization endpoint and token > endpoint... > > Here's a suggestion... > Pass in real request parameters from HttpRequest into OAuth2Accessor as a > Map. This can be set under BasicOAuth2Request.fetch function just before > attemptFetch. > Then it will be available for all the endpoint to use for the whole OAuth2 > flow. > > Thanks, > li >
