-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/3987/
-----------------------------------------------------------
(Updated 2012-02-29 21:30:23.106625)
Review request for shindig, li xu and Adam Clarke.
Changes
-------
Updated to only remove the token based on 401. Getting a new token in the 403
case will not help since it indicates the user does not have the right
permissions.
Summary
-------
>From JIRA:
If the url to which a gadget is doing a makeRequest doesn't exist, i.e.,
returns a 404 to the Shindig server, the access token is being removed from the
OAuth2 Store. This functionality is implemented here:
org.apache.shindig.gadgets.oauth2.BasicOAuth2Request.fetchFromServer(OAuth2Accessor,
HttpRequest)
fetchFromServer is checking only if the response code is 4xx, and if so, it is
removing the access token from the store. This seems right for 401 or 403
return codes, perhaps, but not for 404. The behavior for an end user would then
be that they have to do the OAuth dance again next time the gadget tries to
access a resource.
The proposal is to change the current implementation to look explicitly for 401
or 403 response codes in fetchFromServer instead of looking for any 4xx.
Any other recommendations on what the behavior should be are welcome.
This addresses bug SHINDIG-1711.
https://issues.apache.org/jira/browse/SHINDIG-1711
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/BasicOAuth2Request.java
1295256
Diff: https://reviews.apache.org/r/3987/diff
Testing
-------
Built and ran existing JUnits.
Thanks,
Stanton
