So did we conclude that the right thing to do is revert my CL and instead "fix" GadgetRenderingTask.java to look for isAnonymous()? On Fri, Sep 5, 2008 at 3:31 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:
> On Fri, Sep 5, 2008 at 3:26 PM, Brian Eaton <[EMAIL PROTECTED]> wrote: > >> On Fri, Sep 5, 2008 at 3:22 PM, Kevin Brown <[EMAIL PROTECTED]> wrote: >> > Only if the container isn't providing a security token. >> >> Yes, that can happen. That's how John reproduced the crash to begin with. >> =) >> >> igoogle, for example, doesn't need/supply a security token for most >> gadgets, and I'd expect that to remain true for quite a while. > > > igoogle isn't using Shindig, either, and when they are they have to provide > security token anyway, because signed fetch needs it and there's no way to > know in advance whether or not a gadget uses it without parsing the content. > > >> >> >> > Three legged oauth simply fails (no stored tokens for the anonymous >> >> user). >> >> >> >> Unfortunately that isn't true today. >> > >> > >> > How so? Where can I add an oauth token that works without an app id? >> >> Ah, you're right. There is a line in GadgetOAuthTokenStore that checks >> for it. >> > >
