[
https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Doug Davies updated SHINDIG-1672:
---------------------------------
Description:
It would be nice if the GrantRequestHandler had access to the original request
object so that it could use values like the security token to pass along
additional params to the authorization code request. In our implementation we
set values within the security token's trusted json field that we'd like to
pass along to our GrantRequestHandler implementation.
NEW USECASE (1/31/12):
Allow additional parameters to be appended to both the auth code request (query
string) and access token request (body).
** If the other 2 flows need to be updated that can be done as well, but I
don't know enough about those flows to know where to plug in.
Remove these lines
for (Map.Entry<String, String> entry :
accessor.getAdditionalRequestParams().entrySet()) {
request.setParam(entry.getKey(), entry.getValue());
}
>From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
>StandardAuthenticationHandler.
Leave the one in CodeGrantTypeHandler to support the additional parameters on
the auth code request.
THEN...add these lines to CodeAuthorizationResponseHandler:getAuthorizationBody
to handle the access token request
(right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
for (Map.Entry<String, String> entry :
accessor.getAdditionalRequestParams().entrySet()) {
queryParams.put(entry.getKey(), entry.getValue());
}
was:It would be nice if the GrantRequestHandler had access to the original
request object so that it could use values like the security token to pass
along additional params to the authorization code request. In our
implementation we set values within the security token's trusted json field
that we'd like to pass along to our GrantRequestHandler implementation.
Please see updated use-case. I've discussed these changes with Li Xu and he is
going to review.
> The HttpRequest object is not available to GrantRequestHandlers
> ---------------------------------------------------------------
>
> Key: SHINDIG-1672
> URL: https://issues.apache.org/jira/browse/SHINDIG-1672
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 3.0.0
> Reporter: Doug Davies
> Fix For: 3.0.0
>
>
> It would be nice if the GrantRequestHandler had access to the original
> request object so that it could use values like the security token to pass
> along additional params to the authorization code request. In our
> implementation we set values within the security token's trusted json field
> that we'd like to pass along to our GrantRequestHandler implementation.
> NEW USECASE (1/31/12):
> Allow additional parameters to be appended to both the auth code request
> (query string) and access token request (body).
> ** If the other 2 flows need to be updated that can be done as well, but I
> don't know enough about those flows to know where to plug in.
> Remove these lines
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> request.setParam(entry.getKey(), entry.getValue());
> }
> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
> StandardAuthenticationHandler.
> Leave the one in CodeGrantTypeHandler to support the additional parameters on
> the auth code request.
> THEN...add these lines to
> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
> token request
> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> queryParams.put(entry.getKey(), entry.getValue());
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
