[
https://issues.apache.org/jira/browse/SHINDIG-1711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stanton Sievers resolved SHINDIG-1711.
--------------------------------------
Resolution: Fixed
Committed revision 1295877.
> OAuth2 access tokens being removed from OAuth2Store when request returns any 4xx response
> -----------------------------------------------------------------------------------------
>
> Key: SHINDIG-1711
> URL: https://issues.apache.org/jira/browse/SHINDIG-1711
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Stanton Sievers
> Assignee: Stanton Sievers
> Labels: OAuth2
> Fix For: 2.5.0
>
> Attachments: OAuth2_4xx_v2.patch
>
>
> If the URL to which a gadget is doing a makeRequest doesn't exist, i.e.,
> returns a 404 to the Shindig server, the access token is being removed from
> the OAuth2 Store. This functionality is implemented here:
>
> org.apache.shindig.gadgets.oauth2.BasicOAuth2Request.fetchFromServer(OAuth2Accessor, HttpRequest)
>
> fetchFromServer is checking only if the response code is 4xx, and if so, it
> is removing the access token from the store. This seems right for 401 or 403
> return codes, perhaps, but not for 404. The behavior for an end user would
> then be that they have to do the OAuth dance again next time the gadget tries
> to access a resource.
>
> The proposal is to change the current implementation to look explicitly for
> 401 or 403 response codes in fetchFromServer instead of looking for any 4xx.
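Added example, not part of the original JIRA message and not Shindig's own code: a side-by-side of the two token-eviction checks the issue describes, run over constructed response codes. The class, method and store names are hypothetical stand-ins; only the any-4xx versus 401/403 distinction comes from the issue text.

```java
import java.net.HttpURLConnection;
import java.util.HashMap;
import java.util.Map;

// Added illustration; names are hypothetical and do not mirror Shindig's API.
public class TokenEvictionDemo {
    // Minimal in-memory stand-in for an OAuth2 token store.
    static final class TokenStore {
        private final Map<String, String> tokens = new HashMap<>();
        void put(String key, String token) { tokens.put(key, token); }
        boolean has(String key) { return tokens.containsKey(key); }
        void remove(String key) { tokens.remove(key); }
    }

    // Behaviour described in the report: any 4xx response evicts the token.
    static boolean evictOnAny4xx(int status) {
        return status >= 400 && status < 500;
    }

    // Proposed behaviour: only 401 and 403 evict the token.
    static boolean evictOn401Or403(int status) {
        return status == HttpURLConnection.HTTP_UNAUTHORIZED
            || status == HttpURLConnection.HTTP_FORBIDDEN;
    }

    // Handles one resource response and reports whether the stored token is still present.
    static boolean tokenSurvives(int status, boolean proposed) {
        String key = "gadget-1:user-1";                 // constructed store key
        TokenStore store = new TokenStore();
        store.put(key, "constructed-access-token");     // constructed token value
        boolean evict = proposed ? evictOn401Or403(status) : evictOnAny4xx(status);
        if (evict) {
            store.remove(key);                          // user must redo the OAuth dance
        }
        return store.has(key);
    }

    public static void main(String[] args) {
        int[] statuses = {200, 400, 401, 403, 404, 500}; // constructed sample responses
        System.out.printf("%-8s%-16s%-16s%n", "status", "any-4xx check", "401/403 check");
        for (int s : statuses) {
            System.out.printf("%-8d%-16s%-16s%n", s,
                tokenSurvives(s, false) ? "kept" : "removed",
                tokenSurvives(s, true) ? "kept" : "removed");
        }
    }
}
```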