In beta1 I use to see the following flow. Request the javascript using container=oclc
http://ocwms.worldkat.qa.oclc.org/opensocial/gadgets/js/oclccontainer:userpr efsui:rpc.js?nocache=1&c=1&debug=1&container=oclc The iframe request would then look as follows http://ocwms.worldkat.qa.oclc.org/opensocial/gadgets/ifr?url=https%3A%2F%2Fw orldkat.qa.oclc.org%2Fgallery%2Fgadgets%2F40%2Fxml&container=oclc&view=defau lt&lang=en&country=US&debug=0&nocache=1&sanitize=0&v=584fb331f9d4272d7164ccf e49e0569c&st=oclc%3ATOKEN&testmode=0&parent=http%3A%2F%2Focwms.worldkat.qa.o clc.org&mid=0 Notice that the container is CORRECT (oclc). For length purpose I did not show the entire length of our security token (it¹s long) so I just put TOKEN. In beta2 I see http://platform.oclc.org:8080/opensocial/gadgets/ifr?url=http%3A%2F%2Fplatfo rm.oclc.org%3A8080%2Fopensocial-demo%2Fgadgets%2Fsettitle.xml&container=defa ult&view=default&lang=en&country=US&debug=0&nocache=0&sanitize=0&v=1545d7ce1 25d3b0f296d91751cbba444&st=%25st%25&testmode=0&parent=http%3A%2F%2Fplatform. oclc.org%3A8080&mid=0#rpctoken=147042121 Notice the container is WRONG (default) and that the ST param is null because when it went to lookup the crypter for the container it was not found (I¹m not sure why default isn¹t found... Still checking on that). If I hardcode OCLC at BlobCrypter crypter = crypters.get(aToken.getContainer()); In BlobCrypterSecurityTokenCodec when it does the crypter lookup then everything works fine. Does anyone have any ideas what may have changed and where to look? doug
