[
https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067068#comment-13067068
]
Doug Davies commented on SHINDIG-1557:
--------------------------------------
Also https://issues.apache.org/jira/browse/SHINDIG-1432 hints as something
similar and needing access to the originating gadget.
> jsonrcptransport.js is using the container security token instead of the
> gadget security token
> ----------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1557
> URL: https://issues.apache.org/jira/browse/SHINDIG-1557
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 3.0.0
> Reporter: Doug Davies
>
> When a gadget makes an rpc request (using common container) the security
> token returned to the gadget via the st param is not the one being used for
> the rpc request. It is using the one generated in the container. This is
> probably because the rpc call ends up happening in the context of the
> container and shindig.auth.getSecurityToken returns that one. Calls to
> userprefs and appdata need the gadget security token so the is has the appid
> and appurl to use as db indexes. Just having the viewer and owner that is
> inherited from the container is not enough.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
