-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21060/
-----------------------------------------------------------

(Updated May 12, 2014, 7:42 a.m.)

Review request for shindig, Dan Dumont and Ryan Baxter.

Changes
-------

Update testing done

Bugs: https://issues.apache.org/jira/browse/SHINDIG-1976

Repository: shindig

Description
-------

Shindig supports two OAuth grant types, Auth Code and Client credentials. For client credentials, it sends a "GET" request to token endpoint. This is incorrect. According to http://tools.ietf.org/html/rfc6749#section-3.2, the client MUST use the HTTP "POST" method when making access token requests. Also, http://tools.ietf.org/html/rfc6749#section-4.4.2 shows the client credentials grant type needs to send a POST request to token endpoint.

The shindig_client_credentials gadget is not set to use correct grant type in oauth2.json. The grant type is set to code. From the name, this gadget is used to test client credentials, the grant type should be changed to client_credentials.

Diffs
-----

/trunk/config/oauth2.json 1592435
/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java 1592435
/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandlerTest.java 1592435
/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth2/OAuth2Servlet.java 1592435
/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2AuthCodeFlowTest.java 1592435
/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ClientCredentialFlowTest.java 1592435

Diff: https://reviews.apache.org/r/21060/diff/

Testing (updated)
-------

Add a check in existing test case to test the request method.
All Shindig junit test cases pass.
Test with the shindig_client_credentials gadget.
Modify test cases in OAuth2AuthCodeFlowTest & OAuth2ClientCredentialFlowTest to use POST method for token endpoint.
Add test cases in OAuth2AuthCodeFlowTest & OAuth2ClientCredentialFlowTest to test using GET method for token endpoint (return 405).

Thanks,

Yun Zhi Lin
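
The behaviour this request describes (a token endpoint that accepts only POST and answers GET with 405), shown as an added example that is not part of the original e-mail and not Shindig's code. The client id, secret, token, URL path and the JSON error bodies are constructed for the demo.

```python
import base64, hmac, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed client credentials ("example-client" / "example-secret"), demo only.
BASIC = "Basic " + base64.b64encode(b"example-client:example-secret").decode()

class TokenEndpoint(BaseHTTPRequestHandler):
    def _send(self, status, body, headers=()):
        data = json.dumps(body).encode()
        self.send_response(status)
        for name, value in (("Content-Type", "application/json"), ("Content-Length", str(len(data))), *headers):
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):  # RFC 6749 section 3.2: token requests MUST use POST
        self._send(405, {"error": "invalid_request"}, [("Allow", "POST")])

    def do_POST(self):
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        if not hmac.compare_digest(self.headers.get("Authorization", "").encode(), BASIC.encode()):
            return self._send(401, {"error": "invalid_client"}, [("WWW-Authenticate", "Basic")])
        if form.get("grant_type") != ["client_credentials"]:
            return self._send(400, {"error": "unsupported_grant_type"})
        self._send(200, {"access_token": "constructed-token", "token_type": "bearer"})

    log_message = lambda self, *args: None  # keep the demo quiet

def request_token(url, method, grant="client_credentials"):
    """Send a token request with the given HTTP method; return (status, JSON body)."""
    params = urllib.parse.urlencode({"grant_type": grant})
    if method == "POST":  # section 4.4.2: parameters travel in the form-encoded body
        req = urllib.request.Request(url, data=params.encode(), method="POST")
    else:  # a GET has no body, so the parameters end up in the URL
        req = urllib.request.Request(f"{url}?{params}", method=method)
    req.add_header("Authorization", BASIC)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), TokenEndpoint)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/oauth2/token"
    try:  # GET is refused, POST succeeds, a grant_type other than client_credentials is refused
        return [request_token(url, "GET"), request_token(url, "POST"), request_token(url, "POST", "code")]
    finally:
        server.shutdown()
        server.server_close()
```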