Its not limitation from OAuth spec itself. Looks like its "limitation" that Shindig currently has because access and request use the same AccessorInfo.
So the gadget OAuthService checks for the method types before continuing. - Henry On Fri, Aug 26, 2011 at 3:16 PM, Mark Weitzel <[email protected]> wrote: > > > Greetings... > One of my developers stumbled across an interesting question that I'm not > sure how to answer so I figured I'd post it here. He's trying to hit an OAuth > service that uses a POST for the access token and a GET for the request > token. I was not aware of any limitation in shindig to prevent this, but > we're seeing a funky error. Anyone got some suggestions for me? > > Thanks, > Mark W. > > When I add this to my app.xml I get the error below in the app window: > <OAuth> > <Service name="concur"> > <Access url="https://www.mysolutions.com/net2/OAuth/Access.ashx"; > method="POST" /> > <Request url="https://www.mysolutions.com/net2/OAuth/Request.ashx"; > method="GET" /> > <Authorization url="https://www.mysolutions.com/net2/OAuth/Login.aspx"; /> > </Service> > </OAuth> > > "Failed to load module prefs for app 'InstanceAppImpl{instanceAppID=5221, > title='null', description='null', userID=2152, > appURL='http://test-stuff/app.xml', appID=3258, > appInstanceUUID=94567228-xxxx-xxxx-xxxx-3cd6c3303101, creationDate=Thu Aug 25 > 10:20:39 PDT 2011, modificationDate=Thu Aug 25 10:20:44 PDT 2011}' for this > reason: org.apache.shindig.gadgets.spec.SpecParserException: Access@method > must be identical to Request@method" > > Does OAuth spec define that one should use same methods for the endpoints? I > cant find anything like that here: > http://tools.ietf.org/html/rfc5849#section-2.1 >
