Hey folks -
I'd like to make it easier for shindig deployments to use OAuth by
reusing the app data store for per-user and per-gadget persistent
storage.
Proposal:
1) Add three new methods to AppDataService,
getInternalPersonDataPrivate, updateInternalPersonData, and
deleteInternalPersonData. These would not be exposed to any servlets,
they would only be used by internal code.
2) Implement those methods in JsonDbOpenSocialService as filters on
top of filter names. Fields prefixed with __internal_ would only be
available via the *InternalPersonData methods, not via the other
PersonData methods. This will prevent javascript code from reading
OAuth data directly.
3) Create an implementation of OAuthStore built on top of
AppDataService. AppDataOAuthStore would
a) map the OAuth data on to the appdata schema.
b) handle encryption and decryption of keys to prevent them from
being accidentally disclosed.
4) Create a new shindig java subproject "integration" to house
AppDataOAuthStore and associate Guice modules. This is necessary to
avoid dependencies between social-api and gadgets.
Comments? I'm working on a patch now. If this seems questionable to
anyone I'll stick the patch in Jira for review prior to submission.
If there are no objections I'll submit and then address any feedback.
Cheers,
Brian
