[
https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197883#comment-13197883
]
[email protected] commented on SHINDIG-1672:
--------------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/3064/
-----------------------------------------------------------
(Updated 2012-02-01 14:54:12.796989)
Review request for shindig.
Changes
-------
Reimplemented to just focus on the auth flow (auth_code -> access_token). The
previous implementation passed the parameters along fine for the auth code
(browser url) but for the access code they were not passed along. Found a
better plugin point for that flow.
Summary
-------
It would be nice if the GrantRequestHandler had access to the original request
object so that it could use values like the security token to pass along
additional params to the authorization code request. In our implementation we
set values within the security token's trusted json field that we'd like to
pass along to our GrantRequestHandler implementation.
This addresses bug SHINDIG-1672.
https://issues.apache.org/jira/browse/SHINDIG-1672
Diffs (updated)
-----
/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/BasicAuthenticationHandler.java
1238728
/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/ClientCredentialsGrantTypeHandler.java
1238728
/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/CodeAuthorizationResponseHandler.java
1238728
/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/StandardAuthenticationHandler.java
1238728
Diff: https://reviews.apache.org/r/3064/diff
Testing
-------
Added unit test in CodeGrantTypeHandlerTest (testGetCompleteUrl_5). It tests
that the complete url sent to the authentication server has the parameter set
in the accessor.
Thanks,
Doug
> The HttpRequest object is not available to GrantRequestHandlers
> ---------------------------------------------------------------
>
> Key: SHINDIG-1672
> URL: https://issues.apache.org/jira/browse/SHINDIG-1672
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 3.0.0
> Reporter: Doug Davies
> Fix For: 3.0.0
>
> Attachments: SHINDIG-1672-2.patch
>
>
> It would be nice if the GrantRequestHandler had access to the original
> request object so that it could use values like the security token to pass
> along additional params to the authorization code request. In our
> implementation we set values within the security token's trusted json field
> that we'd like to pass along to our GrantRequestHandler implementation.
> NEW USECASE (1/31/12):
> Allow additional parameters to be appended to both the auth code request
> (query string) and access token request (body).
> ** If the other 2 flows need to be updated that can be done as well, but I
> don't know enough about those flows to know where to plug in.
> Remove these lines
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> request.setParam(entry.getKey(), entry.getValue());
> }
> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
> StandardAuthenticationHandler.
> Leave the one in CodeGrantTypeHandler to support the additional parameters on
> the auth code request.
> THEN...add these lines to
> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
> token request
> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> queryParams.put(entry.getKey(), entry.getValue());
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
