Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-14 Thread Li Xu
> > Sorry for the late reply. yes, please do. Please close the review and JIRA > issue. > Thanks, Li

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-13 Thread daviesd
Li. Thanks again for committing my changes. This is gonna really help our implementation. Do I need to close out the review and jira? doug On 12/12/11 3:10 PM, "Li Xu" wrote: > ah, I see, no worry. I can clean up the code style when committing it. > thanks.

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread Ryan J Baxter
: 12/12/2011 02:54 PM Subject:Re: OAUTH2 ClientAuthenticationHandler: No access to security token Awesome Li! As far as the code style comment. I'm an IntelliJ person. Anyone have the templates for that? If not, I'll see about moving over to Eclipse to do the edits. doug O

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread daviesd
Li, revision submitted. Cleaned up the code to use Maps, used the Eclipse formatters, and added a junit test. Thanks for your help. doug On 12/12/11 3:10 PM, "Li Xu" wrote: > ah, I see, no worry. I can clean up the code style when committing it. > thanks.

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread Li Xu
ah, I see, no worry. I can clean up the code style when committing it. thanks.

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread daviesd
Awesome Li! As far as the code style comment. I'm an IntelliJ person. Anyone have the templates for that? If not, I'll see about moving over to Eclipse to do the edits. doug On 12/12/11 2:50 PM, "Li Xu" wrote: > Thanks for the patch, Doug! It looks pretty good to me. only a few minor > thin

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread Li Xu
Thanks for the patch, Doug! It looks pretty good to me. only a few minor things I have added to the review. Thanks! li

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread Dan Dumont
You may need to tell your SVN client to add them to source control Then create the patch and make sure they are selected. (if you're using eclipse, that's what I use) From: daviesd To: , Date: 12/12/2011 11:38 AM Subject: Re: OAUTH2 ClientAuthenticationHandler: No

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread daviesd
Hmmm... I included 2 NEW files in the diff, but they didn't get added to the review. How do I do this? doug On 12/12/11 11:18 AM, "daviesd" wrote: > I have submitted a revision to the review (3064) that implements the > OAuth2RequestParameterGenerator class. I look forward to your responses

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-12 Thread daviesd
I have submitted a revision to the review (3064) that implements the OAuth2RequestParameterGenerator class. I look forward to your responses and getting this integrated as quickly as possible. Thanks for the guidance, doug On 12/8/11 3:50 PM, "Li Xu" wrote: > I see. Just a thought, Inject an

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread daviesd
We were having the same discussion here. Stayed tune... I have my project for tomorrow. :) doug On 12/8/11 3:50 PM, "Li Xu" wrote: > I see. Just a thought, Inject an OAuth2RequestParameterGenerator here might > be helpful...It could provide a function to generate parameter based on > HttpRequ

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread Li Xu
I see. Just a thought, Inject an OAuth2RequestParameterGenerator here might be helpful...It could provide a function to generate parameter based on HttpRequest. The default implemenation doesn't have to generate any parameter. thanks, li > >

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread daviesd
I guess my disconnect is that OUR implementation of the GrantRequestHandler used the security token to PULL OUT the value we needed. In other words our container had set the security token with trustedJson that held the extra parameters we needed. Thus when the intial makeRequest happened, the 's

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread Li Xu
Hi Doug, Sure, np. Yes, it's hard to filter the parameter. Maybe all the query parameters as a first step? NO need to say sorry... we have all been new to Shindig once before. Let's still use the same issue and review request to keep track of this. When a new patch is ready, please just upload the

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread A Clarke
I agree with Li's suggested approach. Making the request parameters available on the OAuth2Accessor means they'll be generally available to all the different handlers/phases of the OAuth2 flow. Plus it doesn't require signature changes on the handler interfaces, which is nice. On Thu, Dec 8, 2

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread daviesd
Thanks Li. That was my initial implementation (to add something to the accessor). However I backed off because I was trying to be the least intrusive. Mike and I will go back and see if there is a better way to do this. Just not sure how you'd make it generic enough to figure out what request p

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread Li Xu
Hi, Mike Thanks for the usecase. It makes sense to me and it could be quite common to have vendor specific extension parameters. Just think we may need a generic way to support that for both authorization endpoint and token endpoint... Here's a suggestion... Pass in real request parameters from H

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-08 Thread Michael Matthews
Hi Li. Doug and I work at the same organization. We have an application where users authenticate and are associated with an organization. There is contextual data that our application puts in Shindig's SecurityToken via it's trustedJson field. One of these fields is an identifier for the user's

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-07 Thread Li Xu
Doug, Thanks for submit the review request. Would you please elaborate your usecase why you need to pass additional parameter to authorization url? would like to understand how common is the usecase. thanks, li

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-07 Thread Li Xu
Thanks, Doug! Please remove the demo code from the patch and create a review request. Thanks! li

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-07 Thread Dan Dumont
indig , Date: 12/07/2011 12:08 PM Subject: Re: OAUTH2 ClientAuthenticationHandler: No access to security token I¹m not 100% sure of how I submit a patch as a non-committer, but I¹ve created https://issues.apache.org/jira/browse/SHINDIG-1672 with a proposed patch for this

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-07 Thread daviesd
I¹m not 100% sure of how I submit a patch as a non-committer, but I¹ve created https://issues.apache.org/jira/browse/SHINDIG-1672 with a proposed patch for this issue. Essentially it passes the HttpRequest object along to the GrantRequestHandler so that it has access to things like the security

Re: OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-06 Thread daviesd
I see where my misunderstanding was. I thought the ClientAuthenticationHandler was called to set authentication values before the authorization code request, based on this link (it¹s misleading). http://docs.opensocial.org/display/OSD/Client+Authentication > "Allows shindig developers to inject

OAUTH2 ClientAuthenticationHandler: No access to security token

2011-12-06 Thread daviesd
Argh! Not so great. The security token seems to be null even though I see the st param on the makeRequest call. I don¹t see any way inside of my ClientAuthenticationHandler to get at the original request object or the security token. This presents a bit of a problem for me, since we need to pas