[ https://issues.apache.org/jira/browse/SHINDIG-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dirk Balfanz updated SHINDIG-338:
---------------------------------

    Attachment: leaner-token-store3.txt

Another update on the patch.

> OAuth consumer information should come from gadget spec, not from OAuth store
> -----------------------------------------------------------------------------
>
>                 Key: SHINDIG-338
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-338
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Gadget Rendering Server (Java)
>            Reporter: Dirk Balfanz
>            Assignee: Brian Eaton
>         Attachments: leaner-token-store.txt, leaner-token-store2.txt, 
> leaner-token-store3.txt
>
>
> Currently, the consumer information for OAuth (access URL, request URL, 
> authorize URL, etc.) is read from the oauth.json file at startup and then put 
> into the OAuth store. At runtime, the information is then read back out of 
> the OAuth store (instead of getting it directly from the (cached) gadget 
> spec). This has several disadvantages: 
> (1) If one of the gadgets in oauth.json is not accessible at startup time, 
> shindig fails to start (we need to fetch the gadget spec to find out the 
> consumer information)
> (2) A gadget that doesn't want to use its own consumer key and secret (but 
> wants to use shindig's mechanism to use a default key and secret) must still 
> be listed in the oauth.json file, even though conceptually there is no reason 
> to do so.
> Attached is a patch that changes the OAuthStore interface and the semantics 
> of one of the methods: Instead of expecting the oauth store to know the 
> consumer information, and using that stored information to construct an 
> OAuthAccessor (a data structure used to sign OAuth requests), we now pass the 
> consumer information into that method call. The OAuth store is simply 
> expected to know the consumer key and secret. It will combine the public 
> consumer information (passed into the method call) with the stored non-public 
> information (consumer key and secret) to create the OAuthAccessor data 
> structure. At runtime, we will obtain the public consumer information from 
> the (cached) gadget spec. 
> The patch also contains changes that allow makeRequest to forward to the 
> proxy servlet whether or not the user requested bypassing of the spec cache. 
>   

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
