OAuth consumer information should come from gadget spec, not from OAuth store
-----------------------------------------------------------------------------

                 Key: SHINDIG-338
                 URL: https://issues.apache.org/jira/browse/SHINDIG-338
             Project: Shindig
          Issue Type: Improvement
          Components: Gadget Rendering Server (Java)
            Reporter: Dirk Balfanz
         Attachments: leaner-token-store.txt

Currently, the consumer information for OAuth (access URL, request URL, 
authorize URL, etc.) is read from the oauth.json file at startup and then put 
into the OAuth store. At runtime, the information is then read back out of the 
OAuth store (instead of getting it directly from the (cached) gadget spec). 
This has several disadvantages: 

(1) If one of the gadgets in oauth.json is not accessible at startup time, 
shindig fails to start (we need to fetch the gadget spec to find out the 
consumer information)
(2) A gadget that doesn't want to use its own consumer key and secret (but 
wants to use shindig's mechanism to use a default key and secret) must still be 
listed in the oauth.json file, even though conceptually there is no reason to 
do so.

Attached is a patch that changes the OAuthStore interface and the semantics of 
one of the methods: Instead of expecting the oauth store to know the consumer 
information, and using that stored information to construct an OAuthAccessor (a 
data structure used to sign OAuth requests), we now pass the consumer 
information into that method call. The OAuth store is simply expected to know 
the consumer key and secret. It will combine the public consumer information 
(passed into the method call) with the stored non-public information (consumer 
key and secret) to create the OAuthAccessor data structure. At runtime, we will 
obtain the public consumer information from the (cached) gadget spec. 

The patch also contains changes that allow makeRequest to forward to the 
proxy servlet whether or not the user requested bypassing of the spec cache. 
  

-- 
This message is automatically generated by JIRA.
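The split described in the issue above, sketched as an added example; it is not the attached patch or Shindig's own code. All class, record and method names are hypothetical, the sample URLs and keys are constructed, and the https-only check on spec-supplied endpoints is an assumption of this sketch.

```java
import java.util.Map;

// Hypothetical names throughout; this is not Shindig's OAuthStore API.
public class SpecDrivenOAuthStore {
    // Public consumer information, read at runtime from the (cached) gadget spec.
    record ServiceEndpoints(String requestUrl, String authorizeUrl, String accessUrl) {}
    // Non-public information: the only thing the store keeps.
    record ConsumerSecret(String key, String secret) {}
    // Stand-in for the accessor structure used to sign OAuth requests.
    record Accessor(ServiceEndpoints endpoints, ConsumerSecret consumer, boolean usesDefault) {
        @Override public String toString() { // keep the secret out of logs
            return "Accessor[key=" + consumer.key() + ", default=" + usesDefault
                + ", requestUrl=" + endpoints.requestUrl() + "]";
        }
    }

    private final Map<String, ConsumerSecret> perGadget; // "gadgetUrl#service" -> key/secret
    private final ConsumerSecret defaultConsumer;

    SpecDrivenOAuthStore(Map<String, ConsumerSecret> perGadget, ConsumerSecret defaultConsumer) {
        this.perGadget = Map.copyOf(perGadget);
        this.defaultConsumer = defaultConsumer;
    }

    // Endpoints are passed in by the caller; the store contributes only key and secret.
    Accessor getAccessor(String gadgetUrl, String serviceName, ServiceEndpoints fromSpec) {
        for (String u : new String[] {
                fromSpec.requestUrl(), fromSpec.authorizeUrl(), fromSpec.accessUrl()}) {
            // Assumption of this sketch: endpoints named by a gadget spec must be https.
            if (u == null || !u.startsWith("https://")) {
                throw new IllegalArgumentException("rejecting OAuth endpoint: " + u);
            }
        }
        ConsumerSecret own = perGadget.get(gadgetUrl + "#" + serviceName);
        // A gadget with no entry of its own falls back to the container's default key.
        return own != null ? new Accessor(fromSpec, own, false)
                           : new Accessor(fromSpec, defaultConsumer, true);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        var store = new SpecDrivenOAuthStore(
            Map.of("https://gadgets.example/a.xml#photos",
                   new ConsumerSecret("gadget-a-key", "constructed-secret-a")),
            new ConsumerSecret("container-default-key", "constructed-secret-default"));
        var spec = new ServiceEndpoints("https://sp.example/request",
            "https://sp.example/authorize", "https://sp.example/access");
        System.out.println(store.getAccessor("https://gadgets.example/a.xml", "photos", spec));
        System.out.println(store.getAccessor("https://gadgets.example/unlisted.xml", "photos", spec));
    }
}
```

The second call shows the case from point (2): a gadget that is not listed in the store still gets an accessor, signed with the default key, without any startup-time fetch of its spec.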