On Thu, Jul 8, 2010 at 6:06 PM, Łukasz Moreń <[email protected]> wrote:
> Hi, > > > I'm wondering should the server try to redirect the end user back to the > > consumer first, provided the consumer did register a callback ? The > consumer > > will recognize that no verifier is available and will reply back to the > end > > user : "can not access your resource because the server thought my > request > > token was invalid" (just an example), so it will be the responsibility of > > the consumer as to what to say if the request token expired or something. > > > > Though if no callback is available then the server will have to reply to > the > > end user indeed... > > I got suggested by current OAuth providers, i.e. google or twitter > show information about invalid request on the server side. > Approach that error response is sent to the client is I think included > in current OAuth 2.0 spec. Hovewer callback_uri is required there > either through preregistration or request parameter, in 1.0, as you > mentioned may not be available. > > I would go with server response to the user as it solves both cases > where callback is available or not. > WDYT? > > please do cheers, Sergey > > > > > > > >> So far I use RequestDispatcherProvider, but I am stuck a bit, hot to > >> perform a conditional redirection (i.e. depends on object passed to > >> MessageBodyWriter). > >> I haven't found any easy way to do that. I can write custom > >> RequestDispatcherProvider based on existing one, but maybe there is > >> easier way? > >> > >> Perhaps a simpler option is to handle it by using > > Response.seeOther(relativeUri) in a service provider method which does > the > > validation which will redirect the user to a dedicated method handling > > errors... > > Thanks, that's simpler way:). > > Cheers, > Lukasz > > > > > cheers, Sergey > > > > Thanks for help. > >> > >> Cheers, > >> Lukasz > >> > > >
