[ https://issues.apache.org/jira/browse/SHINDIG-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12669940#action_12669940 ]

Jacky Wang commented on SHINDIG-897:
------------------------------------

Hi Paul,

Thanks for your comments! =)

The current version supports 2-legged OAuth validation which leaves "token" and 
"token_secret" parts empty.

Basically I'm trying to add the 3-legged validation for it.  Only the 
validation is implemented, but "where/how the token is issued" (in which 
login/authorization happens) is left out of the picture (and I'm working on 
that too. :D).

Your description of what this change has done is pretty precise and very clear. 
Sorry for my poor documentation and thanks for your clarification! =)

I found the idea "Many containers will have more granular permissions than 
'hasAppInstalled()', which this change seems to favor explicitly." very 
interesting and insightful --- actually, compared with other authentication 
handlers like URLParameter, such ACL (whether an app is okay to access a user's 
profile/friend list, etc.) is controlled in the implementation of the 3 OpenSocial 
abstract services (people/activity/appdata).  Therefore, for consistency, we'd 
rather not check whether the user has installed this app in the 
AuthenticationHandler logic --- just leave it to the 3 service instances.  On 
the other hand, if a user granted an app in the OAuth authorization process, 
this permission should be recorded in the underlying ACL mentioned above.

In short, we won't check "hasAppInstalled()" any more, in neither 2-legged 
OAuth nor 3-legged.

I'm still cleaning up the code according to your comments, and I'll post the patch 
ASAP.

Thanks! =)

- Jacky
> Add 3-legged OAuth validation support for RESTful api
> -----------------------------------------------------
>
>                 Key: SHINDIG-897
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-897
>             Project: Shindig
>          Issue Type: Improvement
>          Components: RESTful API (Java)
>            Reporter: Jacky Wang
>            Priority: Minor
>         Attachments: add-3-legged-oauth.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> RESTful API now supports 2-legged OAuth, and we'd like to see it support 
> validation for requests issued by a 3-legged OAuth client.
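The validation split the comment describes (2-legged with "token"/"token_secret" left empty versus 3-legged with an issued access token, and no "hasAppInstalled()" check in the authentication handler) is shown below as an added example written for this page. It is not Shindig's code and not the attached patch; the credential stores, token values, request URL and the `build_signed_request`/`validate` helpers are all constructed for the demo, and the token-issuing (login/authorization) step the comment leaves out is assumed to have already populated the token store.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed sample stores for this demo; not Shindig's real data model.
CONSUMER_SECRETS = {"gadget-consumer": "consumer-secret-1"}
# Access tokens issued by the (out-of-scope) 3-legged authorization step:
# token -> (token_secret, owner/viewer id). Constructed values.
ACCESS_TOKENS = {"access-token-abc": ("token-secret-xyz", "user:42")}
# (consumer, nonce, timestamp) triples already accepted, to reject replays.
SEEN_NONCES = set()
MAX_CLOCK_SKEW = 300  # seconds a request timestamp may differ from server time


def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only A-Za-z0-9-._~ unescaped)."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD&url&sorted(k=v), each part percent-encoded; oauth_signature is excluded.
    Single-valued params only, which is enough for this demonstration."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    """HMAC key is consumer_secret&token_secret; 2-legged calls leave token_secret empty."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def build_signed_request(method, url, query, consumer_key, token=None, now=None):
    """Client side: attach oauth_* params and sign. Secrets come from the sample stores
    only because this demo plays both roles; a real client holds its own copies."""
    params = dict(query)
    params.update({
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(now if now is not None else time.time())),
        "oauth_nonce": secrets.token_hex(8),
        "oauth_version": "1.0",
    })
    token_secret = ""
    if token is not None:  # 3-legged: send the token and sign with its secret
        params["oauth_token"] = token
        token_secret = ACCESS_TOKENS[token][0]
    params["oauth_signature"] = hmac_sha1_signature(
        method, url, params, CONSUMER_SECRETS[consumer_key], token_secret)
    return params


def validate(method, url, params, now=None):
    """Server side. Returns {'app', 'viewer', 'legs'} on success, None on any failure.
    Deliberately does NOT ask whether the viewer has the app installed: per the
    comment, that ACL decision is left to the people/activity/appdata services."""
    consumer_key = params.get("oauth_consumer_key")
    consumer_secret = CONSUMER_SECRETS.get(consumer_key)
    if consumer_secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
        return None
    try:
        ts = int(params.get("oauth_timestamp", ""))
    except ValueError:
        return None
    if abs((now if now is not None else time.time()) - ts) > MAX_CLOCK_SKEW:
        return None
    nonce = params.get("oauth_nonce", "")
    nonce_key = (consumer_key, nonce, ts)
    if not nonce or nonce_key in SEEN_NONCES:
        return None
    token = params.get("oauth_token", "")
    if token:  # 3-legged: token secret joins the key, token owner becomes the viewer
        entry = ACCESS_TOKENS.get(token)
        if entry is None:
            return None
        token_secret, viewer = entry
    else:      # 2-legged: consumer identified only, no viewer
        token_secret, viewer = "", None
    expected = hmac_sha1_signature(method, url, params, consumer_secret, token_secret)
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    SEEN_NONCES.add(nonce_key)  # only remember nonces of requests that verified
    return {"app": consumer_key, "viewer": viewer, "legs": 3 if token else 2}


if __name__ == "__main__":
    url = "http://example.invalid/social/rest/people/@me/@friends"  # constructed
    req = build_signed_request("GET", url, {"fields": "displayName"},
                               "gadget-consumer", token="access-token-abc")
    print(validate("GET", url, req))
```

The only difference between the two modes is which secret joins the HMAC key and whether a viewer identity comes out of the handler; everything downstream (whether that viewer may read the requested friend list) is the services' decision, which is exactly the separation the comment argues for. Timestamp and nonce checks are included because a signature check alone does not stop a captured request from being presented again.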

-- 
This message is automatically generated by JIRA.