Re: Expected behavior when OAuth2 access token expires and no refresh token was given

2012-01-17 Thread A Clarke
Mike, The intended behavior on a OAuth2Request is to never return a 40X to the gadget and should be independent of the persister queries you describe. (One area I'm still a little fuzzy on myself.) A = Access Token R = Referesh Token + = in persistence and valid, not-expired - = does not exist i

Expected behavior when OAuth2 access token expires and no refresh token was given

2012-01-17 Thread Michael Matthews
Hello, I'm testing our OAuth2 consumer implementation with Shindig's oauth2_google.xml gadget. Google is sending an access token (and no refresh token) and everything works until that access token expires. When that access token expires, what is the expected behavior? Should Shindig attempt to re

Re: Server error when doing gadgets.io.makeRequest

2012-01-17 Thread Dan Dumont
This looks suspiciously like fallout from the recent dep change of xstream Paul, have you been able to render gadgets? I can't seem to render anything, the xhr to get the gadget info fails with a 500. From: Dan Dumont/Westford/IBM@Lotus To: dev@shindig.apache.org, Date: 01/17/2012 1

Re: Allowing an authorization server to provide an updated scope for OAuth2 tokens

2012-01-17 Thread Michael Matthews
Hi Matthew, I think the usecase where gadgets can see the scope that was granted is useful, but it¹s not what we had in mind. Our use case is an application where a user authenticates and is associated with an institution. It¹s possible for a user to login with a different institution context la

Server error when doing gadgets.io.makeRequest

2012-01-17 Thread Dan Dumont
Someone at work is running into this error, and I'm hoping someone might have run into it before or know's what's going on. Could this be related to a recent change? Perhaps some of the dependency upgrades? The call is gadgets.io.makeRequest(url, callback, params), the url is http://api.myspac

RE: Access-Control headers for rendered gadgets?

2012-01-17 Thread Ciancetta, Jesse E.
>-Original Message- >From: Dan Dumont [mailto:ddum...@us.ibm.com] >Sent: Monday, January 16, 2012 10:19 AM >To: dev@shindig.apache.org >Subject: Access-Control headers for rendered gadgets? > >Is there a mechanism for a gadget to specify the x-domain endpoints it >wishes to communicate with