I guess my disconnect is that OUR implementation of the GrantRequestHandler
used the security token to PULL OUT the value we needed.  In other words our
container had set the security token with trustedJson that held the extra
parameters we needed.  Thus when the intial makeRequest happened, the 'st'
param went along for the ride.

Now we are saying we should just pull all the request parameters off of the
incoming makeRequest.  Problem is it's initiated by the gadget, which
doesn't have knowledge of the value we stored in the security token.  The
security token was my communication between the container and the gadget.

For the generic case I'd have to BLINDLY pass along ALL the parameters to
the authorization request (if we wanted a generic solution).  I hate writing
a GrantRequestHandler that is specific to a provider (although that's
basically what I did to transition our parameter along), but if I don't know
what parameters to pass along I'm not sure how to generically do this.

I have to give this more thought.

doug


On 12/8/11 2:44 PM, "Li Xu" <leeg...@gmail.com> wrote:

> Hi Doug,
> Sure, np.
> Yes, it's hard to filter the parameter. Maybe all the query parameters as a
> first step?
> 
> NO need to say sorry... we have all been new to Shindig once before. Let's
> still use the same issue and review request to keep track of this. When a
> new patch is ready, please just upload the patch in the review request.
> 
> Thanks!
> li


Reply via email to