[
https://issues.apache.org/jira/browse/SHINDIG-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671055#action_12671055
]
chaowang edited comment on SHINDIG-897 at 2/6/09 3:29 AM:
------------------------------------------------------------
This new patch is targeting the support for for 3-legged OAuth validation. It
includes:
1. Remove the "hasUserInstalledApp()" logic from
OAuthConsumerRequestAuthenticationHandler - this ACL function should be
delegated to the implementation of underlying 3 OpenSocial services.
2. Modify OAuthLookupService to expose only 1 API "getSecurityToken" that
verifies the coming OAuth request and generates the security token if it's
valid. The real validation work is delegated to a new OAuthDataStore
interface, which is injected when SampleContainerOAuthLookupService
initialized. This delegation model is consisted with PHP Shindig's.
3. Define OAuthDataStore as API (and its implementation SampleOAuthDataStore)
to handle all OAuth consumer/accessor/token issues. This API should be easily
fitting-in as an OAuth provider's facility.
2-legged OAuth validation has been tested against OpenSocial-Client Java Lib
(http://opensocial-java-client.googlecode.com).
3-legged OAuth one has been tested against a reference implementation
(http://term.ie/oauth/example/client.php).
was (Author: chaowang):
Supports validation for 3-legged OAuth.
This patch includes:
1. Remove the "hasUserInstalledApp()" logic from
OAuthConsumerRequestAuthenticationHandler - this ACL function is delegated to
the implementation of underlying 3 OpenSocial services.
2. Modify OAuthLookupService to expose only 1 API "getSecurityToken" that
verifies the coming OAuth request and generates the security token if it's
valid. The real validation work is delegated to a new OAuthDataStore
interface, which is injected when SampleContainerOAuthLookupService
initialized. This delegation model is consisted with PHP Shindig's.
3. Define OAuthDataStore as API (and its implementation SampleOAuthDataStore)
to handle all OAuth consumer/accessor/token issues. This API should be easily
fitting-in as an OAuth provider's facility.
2-legged OAuth validation has been tested against OpenSocial-Client Java Lib
(http://opensocial-java-client.googlecode.com).
3-legged OAuth one has been tested against a reference implementation
(http://term.ie/oauth/example/client.php).
> Add 3-legged OAuth validation support for RESTful api
> -----------------------------------------------------
>
> Key: SHINDIG-897
> URL: https://issues.apache.org/jira/browse/SHINDIG-897
> Project: Shindig
> Issue Type: Improvement
> Components: RESTful API (Java)
> Reporter: Jacky Wang
> Priority: Minor
> Attachments: add-3-legged-oauth.patch,
> supports-3-legged-oauth-validation.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> RESTful API now supports 2-legged OAuth, and we'd like to see it supports
> validation for requests issued by 3-legged OAuth client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
