Hi community, I'm testing the new OAuth2 implementation (3.0.0-beta3). After retrieving my access-token, I'm sending requests to the REST API but can't figure out the viewer in my SPIs.
For example:

1. As user 'sue' I'm requesting an access-token
2. Shindig gives me the access-token 7173531c-57da-44d7-a4fe-52cae0faa3e1
3. I request information about user 'joe': /social/rest/people/joe/@self?access_token=7173531c-57da-44d7-a4fe-52cae0faa3e1
4. My PersonService decides based on the viewer how much information to return (e.g. 'sue' may be an administrator and see more available data points).

How could I figure out in my PersonService that the viewer of the request was 'sue'?

One possible solution I found: I could extend OAuth2Code with the viewerId and then set the value when creating the accessToken in OAuth2Service.generateAccessToken(). I use this access token to create a SecurityToken in OAuth2AuthenticationHandler:getSecurityTokenFromRequest() [instead of returning the AnonymousSecurityToken].

Does this make sense? What would be the suggested solution approach?

Many thanks,
Ronny
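The pattern proposed in the post above, as an added example that is not part of the original message and is not Shindig code: the viewer is recorded server-side when the token is issued and looked up from the presented token on each request, with unknown or expired tokens falling back to anonymous. `TokenStore`, `IssuedToken` and `getPerson` are hypothetical stand-ins, and treating 'sue' as the administrator is an assumption taken from the post's scenario.

```java
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Stand-in types for illustration only; these are NOT Shindig's classes.
public class ViewerBoundTokenDemo {

    /** Server-side record kept per issued token: who authorized it and when it expires. */
    record IssuedToken(String viewerId, long expiresAtMillis) {}

    /** Minimal token store: the viewer is bound at issuance, never read from the request. */
    static class TokenStore {
        private final Map<String, IssuedToken> tokens = new ConcurrentHashMap<>();

        /** Called only after the user has authenticated and approved the grant. */
        String issue(String authenticatedUserId, long ttlMillis) {
            String value = UUID.randomUUID().toString();
            long expiry = System.currentTimeMillis() + ttlMillis;
            tokens.put(value, new IssuedToken(authenticatedUserId, expiry));
            return value;
        }

        /** Returns the viewer for a presented token, or empty if unknown or expired. */
        Optional<String> resolveViewer(String presentedToken) {
            IssuedToken t = presentedToken == null ? null : tokens.get(presentedToken);
            if (t == null || t.expiresAtMillis() < System.currentTimeMillis()) {
                return Optional.empty(); // caller treats this as an anonymous viewer
            }
            return Optional.of(t.viewerId());
        }
    }

    /** Hypothetical person lookup that decides the level of detail from the viewer. */
    static String getPerson(String targetId, Optional<String> viewer) {
        boolean admin = viewer.map("sue"::equals).orElse(false); // assumption: 'sue' is admin
        return admin ? targetId + ": full profile" : targetId + ": public fields only";
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        String sueToken = store.issue("sue", 60_000); // constructed sample token
        System.out.println(getPerson("joe", store.resolveViewer(sueToken)));
        System.out.println(getPerson("joe", store.resolveViewer("not-a-real-token")));
        System.out.println(getPerson("joe", store.resolveViewer(null)));
    }
}
```

The service never accepts a viewer id supplied by the client; the only input it trusts is the token, which maps to the identity captured at issuance.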
