[jira] Updated: (SHINDIG-897) Add 3-legged OAuth validation support for RESTful api

Mon, 09 Feb 2009 02:31:27 -0800 

     [ 
https://issues.apache.org/jira/browse/SHINDIG-897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacky Wang updated SHINDIG-897:
-------------------------------

    Attachment: supports-3-legged-oauth-validation.patch

Thanks for the comments, Cassie!  I updated the patch according to them.

Item #1: done.  only checks userID part if it's 2-legged OAuth.

Item #2, I've put some validation code in SampleOAuthDataStore.java since:
  a) The validation logic uses SimpleOAuthValidator actually, and this might be 
replaced by the implementor if they want to have more complex control like 
token expiration etc.
  b) This validation process links tightly with OAuthDataStore thus it might be 
a bit cleaner if we put them together, rather than create more interfaces, etc.

Item #3: It seems the OAuthHandler family shares pretty much code/interfaces.  
How about we delegates their differences on the underlying OAuthDataStore 
interface, which could be modified by implementors?  For example, different 
getConsumer() implementation for all anonymous consumers.  Just my 2 cents.

Item #4: Echo Cassie's idea.  Although there's a reference implementation for 
OAuth provider on their code base, it still might be some easier for debugging 
and deploying if OAuth could be integrated in Shindig's code base.  And it also 
might help future unregister oauth 3-legged supporting as well.


> Add 3-legged OAuth validation support for RESTful api
> -----------------------------------------------------
>
>                 Key: SHINDIG-897
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-897
>             Project: Shindig
>          Issue Type: Improvement
>          Components: RESTful API (Java)
>            Reporter: Jacky Wang
>            Priority: Minor
>         Attachments: supports-3-legged-oauth-validation.patch, 
> supports-3-legged-oauth-validation.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> RESTful API now supports 2-legged OAuth, and we'd like to see it supports 
> validation for requests issued by 3-legged OAuth client.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to