Li (and anyone else that is interested). I've reopened SHINDIG-1672 with a more specific usecase. As I started using the the auth_code/access_token flow I discovered that what was previously implemented didn't fully meet my needs.
I've tested this fix locally and it does what I need it to do. If the other flows need this logic someone with more knowledge than I have is going to have to implement. Thanks, doug On 1/31/12 10:00 AM, "Doug Davies (Updated) (JIRA)" <j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plu > gin.system.issuetabpanels:all-tabpanel ] > > Doug Davies updated SHINDIG-1672: > --------------------------------- > > Description: > It would be nice if the GrantRequestHandler had access to the original request > object so that it could use values like the security token to pass along > additional params to the authorization code request. In our implementation we > set values within the security token's trusted json field that we'd like to > pass along to our GrantRequestHandler implementation. > > NEW USECASE (1/31/12): > > Allow additional parameters to be appended to both the auth code request > (query string) and access token request (body). > > ** If the other 2 flows need to be updated that can be done as well, but I > don't know enough about those flows to know where to plug in. > > Remove these lines > > for (Map.Entry<String, String> entry : > accessor.getAdditionalRequestParams().entrySet()) { > request.setParam(entry.getKey(), entry.getValue()); > } > > From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and > StandardAuthenticationHandler. > > Leave the one in CodeGrantTypeHandler to support the additional parameters on > the auth code request. > > THEN...add these lines to > CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access > token request > > (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); ) > > for (Map.Entry<String, String> entry : > accessor.getAdditionalRequestParams().entrySet()) { > queryParams.put(entry.getKey(), entry.getValue()); > } > > > > was:It would be nice if the GrantRequestHandler had access to the original > request object so that it could use values like the security token to pass > along additional params to the authorization code request. In our > implementation we set values within the security token's trusted json field > that we'd like to pass along to our GrantRequestHandler implementation. > > > Please see updated use-case. I've discussed these changes with Li Xu and he is > going to review. > >> The HttpRequest object is not available to GrantRequestHandlers >> --------------------------------------------------------------- >> >> Key: SHINDIG-1672 >> URL: https://issues.apache.org/jira/browse/SHINDIG-1672 >> Project: Shindig >> Issue Type: Bug >> Components: Java >> Affects Versions: 3.0.0 >> Reporter: Doug Davies >> Fix For: 3.0.0 >> >> >> It would be nice if the GrantRequestHandler had access to the original >> request object so that it could use values like the security token to pass >> along additional params to the authorization code request. In our >> implementation we set values within the security token's trusted json field >> that we'd like to pass along to our GrantRequestHandler implementation. >> NEW USECASE (1/31/12): >> Allow additional parameters to be appended to both the auth code request >> (query string) and access token request (body). >> ** If the other 2 flows need to be updated that can be done as well, but I >> don't know enough about those flows to know where to plug in. >> Remove these lines >> for (Map.Entry<String, String> entry : >> accessor.getAdditionalRequestParams().entrySet()) { >> request.setParam(entry.getKey(), entry.getValue()); >> } >> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and >> StandardAuthenticationHandler. >> Leave the one in CodeGrantTypeHandler to support the additional parameters on >> the auth code request. >> THEN...add these lines to >> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access >> token request >> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); ) >> for (Map.Entry<String, String> entry : >> accessor.getAdditionalRequestParams().entrySet()) { >> queryParams.put(entry.getKey(), entry.getValue()); >> } > > -- > This message is automatically generated by JIRA. > If you think it was sent incorrectly, please contact your JIRA administrators: > https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa > For more information on JIRA, see: http://www.atlassian.com/software/jira > > >