[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-17?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11233#comment-11233
]
Ivo Ladage - van Doorn commented on AMDATUAUTH-17:
--------------------------------------------------
Preapproved request tokens should be supported by the OAuth server in case the
identity of the user is known. So the OAuth server should facilitate a servlet
(similar to the request token servlet) that also distributes request tokens,
but flagged with a special 'pre-authorized' flag in case the request could be
authenticated against a known user and the user approved the consumer before.
So an additional query argument in the request token should be enough. The
consumer is known, the user's identity is known, and so is the fact that the
user did approve the consumer to access resources on its behalf. So:
- The consumer registry should store a list of users that authorized the
consumer to access its resources on its behalf
- The request token servlet should be enhanced with an additional
'preapproved=true' parameter to request a preapproved request token
- In case a preapproved request token request comes in, the OAuth server
verifies that the user's identity is known and that he did explicitly give
approval to the consumer to access its resources before. If so, a request token
is generated with the property 'oauth_token_authorized' already set to true and
the userid.
- The consumer can now directly exchange the request token for an access token
as it is already authorized
> Support preapproved request tokens for 2-legged oAuth
> -----------------------------------------------------
>
> Key: AMDATUAUTH-17
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-17
> Project: Amdatu Auth
> Issue Type: New Feature
> Components: OAuth server
> Affects Versions: 0.1.0
> Reporter: Ivo Ladage - van Doorn
> Assignee: Ivo Ladage - van Doorn
> Fix For: 0.2.0
>
>
> Gadgets rendered in the Amdatu OpenSocial container usually will want to use
> 2-legged oAuth with preapproved request tokens. To support this the following
> enhancements need to be implemented:
> - Add a servlet to the oAuth server that facilitates generating preapproved
> request tokens
> - an addModule callback to add gadgets to the preapproved gadget store
> As an example the course gadget should use this new 2-legged approach. The
> friends gadget should use the full blown 3-legged approach (see
> http://jira.amdatu.org/jira/browse/AMDATU-211)
_______________________________________________
Amdatu-developers mailing list
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
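
The flow proposed in the comment above, as an added sketch that is not Amdatu code and not part of the original message. The class and method names are hypothetical, the consumer key is assumed to come from an already verified OAuth signature, and the user identity is assumed to come from the server's own authentication rather than from a request parameter.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class RequestToken:
    token: str
    consumer_key: str
    authorized: bool = False        # the 'oauth_token_authorized' property
    user_id: Optional[str] = None   # set only on preapproved tokens

class ConsumerRegistry:
    """Per consumer, the users who explicitly approved it (hypothetical API)."""
    def __init__(self):
        self._approved = {}
    def record_approval(self, consumer_key, user_id):
        self._approved.setdefault(consumer_key, set()).add(user_id)
    def has_approved(self, consumer_key, user_id):
        return user_id in self._approved.get(consumer_key, set())

class TokenService:
    def __init__(self, registry):
        self.registry = registry
        self._pending = {}
    def issue_request_token(self, consumer_key, params, session_user):
        # consumer_key: taken from an already verified OAuth signature.
        # session_user: identity the server authenticated itself (None if
        # unknown); it is never read from a request parameter.
        tok = RequestToken(secrets.token_urlsafe(16), consumer_key)
        if (params.get("preapproved") == "true" and session_user is not None
                and self.registry.has_approved(consumer_key, session_user)):
            tok.authorized, tok.user_id = True, session_user
        # Assumption: a failed check yields an ordinary unauthorized token.
        self._pending[tok.token] = tok
        return tok
    def exchange_for_access_token(self, consumer_key, token):
        tok = self._pending.get(token)
        if tok is None or tok.consumer_key != consumer_key or not tok.authorized:
            raise PermissionError("request token is not authorized")
        del self._pending[token]    # request tokens are single use
        return {"oauth_token": secrets.token_urlsafe(16), "user_id": tok.user_id}

if __name__ == "__main__":
    registry = ConsumerRegistry()
    registry.record_approval("course-gadget", "alice")   # constructed sample
    service = TokenService(registry)
    t = service.issue_request_token("course-gadget", {"preapproved": "true"}, "alice")
    print(service.exchange_for_access_token("course-gadget", t.token))
```

The 'preapproved=true' argument alone never authorizes a token: without an authenticated user and a stored approval for that exact consumer, the token stays unauthorized and the exchange is refused.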