[ https://issues.apache.org/jira/browse/SHINDIG-338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603696#action_12603696 ]
Dirk Balfanz commented on SHINDIG-338:
--------------------------------------
Ok, done. See new attachment.
> OAuth consumer information should come from gadget spec, not from OAuth store
> -----------------------------------------------------------------------------
>
> Key: SHINDIG-338
> URL: https://issues.apache.org/jira/browse/SHINDIG-338
> Project: Shindig
> Issue Type: Improvement
> Components: Gadget Rendering Server (Java)
> Reporter: Dirk Balfanz
> Assignee: Brian Eaton
> Attachments: leaner-token-store.txt
>
>
> Currently, the consumer information for OAuth (access URL, request URL,
> authorize URL, etc.) is read from the oauth.json file at startup and then put
> into the OAuth store. At runtime, the information is then read back out of
> the OAuth store (instead of getting it directly from the (cached) gadget
> spec). This has several disadvantages:
> (1) If one of the gadgets in oauth.json is not accessible at startup time,
> shindig fails to start (we need to fetch the gadget spec to find out the
> consumer information)
> (2) A gadget that doesn't want to use its own consumer key and secret (but
> wants to use shindig's mechanism to use a default key and secret) must still
> be listed in the oauth.json file, even though conceptually there is no reason
> to do so.
> Attached is a patch that changes the OAuthStore interface and the semantics
> of one of the methods: Instead of expecting the oauth store to know the
> consumer information, and using that stored information to construct an
> OAuthAccessor (a data structure used to sign OAuth requests), we now pass the
> consumer information into that method call. The OAuth store is simply
> expected to know the consumer key and secret. It will combine the public
> consumer information (passed into the method call) with the stored non-public
> information (consumer key and secret) to create the OAuthAccessor data
> structure. At runtime, we will obtain the public consumer information from
> the (cached) gadget spec.
> The patch also contains changes that allow makeRequest to forward to the
> proxy servlet whether or not the user requested bypassing of the spec cache.
>
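The split described in the issue, as an added sketch that is not part of the attached patch or of Shindig's code: the store holds only consumer keys and secrets, and the caller passes in the public endpoints it read from the gadget spec. All type and method names are hypothetical, the fallback to a container-wide default key is an assumption, and the URLs and keys are constructed sample values.

```java
import java.util.HashMap;
import java.util.Map;

// Added sketch with hypothetical names; not Shindig's OAuthStore or the attached patch.
public class LeanTokenStoreSketch {
    // Public consumer information, as the caller would read it from the cached gadget spec.
    record Endpoints(String requestUrl, String authorizeUrl, String accessUrl) {}
    // Non-public information: the only thing the store persists.
    record Consumer(String key, String secret) {}
    record StoreKey(String gadgetUrl, String service) {}
    // Stand-in for OAuthAccessor: endpoints plus the credentials used to sign.
    record Accessor(Endpoints endpoints, Consumer consumer) {}

    static final class Store {
        private final Map<StoreKey, Consumer> perGadget = new HashMap<>();
        private final Consumer fallback; // assumed container-wide default key and secret

        Store(Consumer fallback) { this.fallback = fallback; }

        void register(String gadgetUrl, String service, Consumer consumer) {
            perGadget.put(new StoreKey(gadgetUrl, service), consumer);
        }

        // The store never fetches a spec: endpoints arrive as an argument, so an
        // unreachable gadget cannot block startup and unlisted gadgets still work.
        Accessor accessorFor(String gadgetUrl, String service, Endpoints fromSpec) {
            Consumer c = perGadget.getOrDefault(new StoreKey(gadgetUrl, service), fallback);
            if (c == null) {
                throw new IllegalStateException("no consumer key configured for " + gadgetUrl);
            }
            return new Accessor(fromSpec, c);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Store store = new Store(new Consumer("container-default", "default-secret"));
        store.register("http://gadgets.example.org/a.xml", "photos",
                new Consumer("gadget-a-key", "gadget-a-secret"));
        Endpoints ep = new Endpoints("https://sp.example.org/request",
                "https://sp.example.org/authorize", "https://sp.example.org/access");

        Accessor listed = store.accessorFor("http://gadgets.example.org/a.xml", "photos", ep);
        Accessor unlisted = store.accessorFor("http://gadgets.example.org/b.xml", "photos", ep);
        // Print key names only; secrets stay out of logs.
        System.out.println(listed.consumer().key() + " -> " + listed.endpoints().accessUrl());
        System.out.println(unlisted.consumer().key() + " -> " + unlisted.endpoints().accessUrl());
    }
}
```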