Re: Shindig running on different domain than container REVISITED

2012-03-22 Thread Michael Matthews
First of all, thanks for the quick response to this. I've modified our UI to pass the API_HOST and API_PATH as mentioned below. I know see an HTTP OPTIONS request failing. From the browser's console: XMLHttpRequest cannot load

Re: Bad deploy of 3.0 snapshots

2012-01-26 Thread Michael Matthews
Disregard. Since I sent this, the 1/26 snapshots became available and everything is working fine. Thanks Mike On 1/26/12 11:21 AM, Michael Matthews matth...@oclc.org wrote: Hello all. It appears there was a problem with the latest deploy of the 3.0.0 snapshot artifacts to the maven repo

Re: Allowing an authorization server to provide an updated scope for OAuth2 tokens

2012-01-17 Thread Michael Matthews
Software Emerging Standards mgma...@us.ibm.com | Office: 1 919 254 9702 | | From: | | -| |Michael Matthews matth

Expected behavior when OAuth2 access token expires and no refresh token was given

2012-01-17 Thread Michael Matthews
Hello, I'm testing our OAuth2 consumer implementation with Shindig's oauth2_google.xml gadget. Google is sending an access token (and no refresh token) and everything works until that access token expires. When that access token expires, what is the expected behavior? Should Shindig attempt to

Allowing an authorization server to provide an updated scope for OAuth2 tokens

2012-01-13 Thread Michael Matthews
Section 3.3 [1] of the OAuth2 spec suggests that an authorization server may issue an access token with a scope different than what was requested. It goes on to say that the authorization server SHOULD include a scope response parameter to inform the client of the actual scope granted. We'd like

Re: OAuth2Cache

2012-01-06 Thread Michael Matthews
I could use some feedback on how to implement the OAuth2Cache interface in the OAuth2 consumer implementation. Doug and I are following the approach outlined earlier where our OAuth2Cache is essentially a no-op implementation of OAuth2Cache where all methods do nothing, with the exception of the

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread Michael Matthews
Hi Li. Doug and I work at the same organization. We have an application where users authenticate and are associated with an organization. There is contextual data that our application puts in Shindig's SecurityToken via it's trustedJson field. One of these fields is an identifier for the user's

Oauth 2 consumer implementation

2011-11-21 Thread Michael Matthews
My organization is investigating implementing a production-ready version of Shindig's OAuth2 Consumer implementation. After reviewing the wiki at opensocial.org (in particular http://docs.opensocial.org/display/OSD/OAuth+2.0+Consumer+Implementation+in+ Apache+Shindig) and studying the code to