[
https://issues.apache.org/jira/browse/SHINDIG-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585148#action_12585148
]
Brian Eaton commented on SHINDIG-159:
-------------------------------------
My continuous refrain in this reply will be "It's dirk's fault." I'm
going to say that even if he was nowhere near the code in question.
Will fix. It's dirk's fault.
OAuthStoreImpl should be BasicOAuthStore, then. It stores access
tokens in memory, so they end up vanishing on restart.
I think we should ban the word token from all code. We could replace
it with "thingy" and it would be equally communicative. Will fix.
Dirk's fault, will fix.
Multiple authors. Will fix to use hierarchy of exceptions.
Neat idea, I'll try it. OAuth isn't really "optional" for that gadget, though.
The syndicator config seems useful in real sites today, where as the
oauth.js needs several lines per OAuth using gadget. I wouldn't
recommend oauth.js to real sites, so I'd rather it wasn't in the
syndicator file.
Dirk's fault, will fix.
We need to fetch specs. There is data in them that is necessary to
prime the (soon to be renamed) GadgetTokenStore.
I think in the real world the token store will probably be filled by
either a directory or a container, that's why there is a protected
constructor to OAuthFetcherFactory that doesn't do the spec fetching.
It's really a chain, the OAuthFetcher uses the next fetcher in the
chain. However, there is extra information from the OAuthFetcher that
needs to be propagated back to the client (even for successful OAuth
fetches). I need some mechanism to get that data back, and peeking at
the OAuthFetcher seems to be the shortest distance between point A and
point B.
Probably shouldn't be HTTP headers, because then we can confuse data
sent from remote servers with information generated within Shindig.
Mixing control and data channels is not a good idea.
I'm skeptical of trying to make this more general without another
concrete example of a fetcher that needs to insert new fields in the
JSON response.
Heh. https just works. =)
OK, thanks for the feedback. I'll fix up most of the things you
mentioned and then we can take another swing at it.
> OAuth support in Shindig
> ------------------------
>
> Key: SHINDIG-159
> URL: https://issues.apache.org/jira/browse/SHINDIG-159
> Project: Shindig
> Issue Type: Bug
> Components: Gadgets Server - Java
> Reporter: Brian Eaton
> Attachments: full-oauth.patch
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
