-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21060/#review42689
-----------------------------------------------------------

Ship it!


Ship It!

- Dan Dumont


On May 12, 2014, 7:42 a.m., Yun Zhi Lin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21060/
> -----------------------------------------------------------
>
> (Updated May 12, 2014, 7:42 a.m.)
>
>
> Review request for shindig, Dan Dumont and Ryan Baxter.
>
>
> Bugs: https://issues.apache.org/jira/browse/SHINDIG-1976
>
>
> Repository: shindig
>
>
> Description
> -------
>
> Shindig supports two OAuth grant types, Auth Code and Client credentials. For
> client credentials, it sends a "GET" request to the token endpoint. This is
> incorrect. According to http://tools.ietf.org/html/rfc6749#section-3.2, the
> client MUST use the HTTP "POST" method when making access token
> requests. Also, http://tools.ietf.org/html/rfc6749#section-4.4.2 shows the
> client credentials grant type needs to send a POST request to the token endpoint.
> The shindig_client_credentials gadget is not set to use the correct grant type in
> oauth2.json. The grant type is set to code. From the name, this gadget is
> used to test client credentials, so the grant type should be changed to
> client_credentials.
>
>
> Diffs
> -----
>
>   /trunk/config/oauth2.json 1592435
>   /trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java 1592435
>   /trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandlerTest.java 1592435
>   /trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth2/OAuth2Servlet.java 1592435
>   /trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2AuthCodeFlowTest.java 1592435
>   /trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuth2ClientCredentialFlowTest.java 1592435
>
> Diff: https://reviews.apache.org/r/21060/diff/
>
>
> Testing
> -------
>
> Add a check in the existing test case to test the request method.
> All Shindig junit test cases pass.
> Test with the shindig_client_credentials gadget.
> Modify test cases in OAuth2AuthCodeFlowTest & OAuth2ClientCredentialFlowTest
> to use the POST method for the token endpoint.
> Add test cases in OAuth2AuthCodeFlowTest & OAuth2ClientCredentialFlowTest to
> test using the GET method for the token endpoint (return 405).
>
>
> Thanks,
>
> Yun Zhi Lin
>
>
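
The method handling described in the review request above, as an added example that is not Shindig's code and not part of this review: a stand-in token endpoint built on the JDK's own HttpServer answers GET with 405 and serves the client credentials grant only by POST. The path /oauth2/token, the client id and secret, and the token value are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenEndpointMethodDemo {
    public static void main(String[] args) throws Exception {
        // Stand-in token endpoint on a free loopback port (hypothetical path).
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/oauth2/token", ex -> {
            if (!"POST".equals(ex.getRequestMethod())) {
                // RFC 6749 section 3.2: token requests MUST use POST, so GET gets 405.
                ex.getResponseHeaders().set("Allow", "POST");
                ex.sendResponseHeaders(405, -1);
                ex.close();
                return;
            }
            String form = new String(ex.getRequestBody().readAllBytes(), StandardCharsets.UTF_8);
            // Only the client credentials grant is served here; anything else is refused.
            boolean ok = form.matches("(.*&)?grant_type=client_credentials(&.*)?");
            // Constructed token; this sketch does not verify the client's credentials.
            byte[] out = (ok ? "{\"access_token\":\"constructed-token\",\"token_type\":\"bearer\"}"
                             : "{\"error\":\"unsupported_grant_type\"}").getBytes(StandardCharsets.UTF_8);
            ex.getResponseHeaders().set("Content-Type", "application/json");
            ex.getResponseHeaders().set("Cache-Control", "no-store");
            ex.sendResponseHeaders(ok ? 200 : 400, out.length);
            ex.getResponseBody().write(out);
            ex.close();
        });
        server.start();
        URI token = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/oauth2/token");
        // Constructed client id and secret, sent with HTTP Basic authentication.
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString("demo-client:demo-secret".getBytes(StandardCharsets.UTF_8));
        HttpRequest post = HttpRequest.newBuilder(token).header("Authorization", basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials")).build();
        // A GET to the same endpoint, the method the description calls incorrect.
        HttpRequest get = HttpRequest.newBuilder(URI.create(token + "?grant_type=client_credentials"))
                .header("Authorization", basic).GET().build();
        HttpClient http = HttpClient.newHttpClient();
        for (HttpRequest req : new HttpRequest[] {post, get}) {
            HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
            System.out.println(req.method() + " " + res.statusCode() + " " + res.body());
        }
        server.stop(0);
    }
}
```

It needs Java 11 or later and no libraries beyond the JDK.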