[
https://issues.apache.org/jira/browse/SHINDIG-609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736686#action_12736686
]
Arne Roomann-Kurrik commented on SHINDIG-609:
---------------------------------------------
In response to Kevin's comment - "Will we break anything by changing
xoauth_signature_publickey to xoauth_public_key?"
Apparently this changed between 0.8 and 0.9:
0.8 - http://opensocial-resources.googlecode.com/svn/spec/0.8/gadgets/io.js
0.9 -
http://www.opensocial.org/Technical-Resources/opensocial-spec-v09/Gadgets-API-Specification.html#rfc.section.5.2.2.3.1
I'm actually surprised that such a backwards-incompatible change snuck in I
just had an issue where a non-shindig container that was sending signed
requests to osda.appspot.com (OpenSocial Dev App) was using xoauth_public_key
instead of xoauth_signature_publickey, which manifested as a hard-to-debug
OAuth error, which let me to look up why they were using the parameter in the
first place (apparently they read the spec, go figure).
I think there's a lot of potential for app breakage if this parameter changes
suddenly. Can both be sent for at least a whole release cycle to give
developers time to migrate? I'll start working on updating docs to reflect the
change.
~Arne
> fix oauth url parameters
> ------------------------
>
> Key: SHINDIG-609
> URL: https://issues.apache.org/jira/browse/SHINDIG-609
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Reporter: David Primmer
>
> particularly:
> xoauth_signature_publickey / xoauth_public_key
> and
> opensocial_app_id / xoauth_app_url / opensocial_app_url
> for ref:
> http://groups.google.com/group/opensocial-container/browse_thread/thread/bb5204db2476fbd7
> davep
> On Tue, Sep 16, 2008 at 11:26 PM, Eiji Kitamura <[email protected]> wrote:
> > Hi,
> >
> >
> > I'm trying to get clearer on OAuth on OpenSocial / Shindig and have a
> > few questions.
> > Sorry if these questions are not appropriate for this list.
> >
> > [1] opensocial_*id
> >
> > According to following document:
> > https://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi
> >
> > OpenSocial container sends OAuth Consumer Request query with
> > * opensocial_ownerid
> > * opensocial_viewerid
> > * opensocial_appid
> >
> > But when I look at google code gadgets site document:
> > http://code.google.com/apis/gadgets/docs/reference/#gadgets.io
> >
> > It's said to send following query params which names are slightly different:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Actual Shindig implementation looks like sending queries same as
> > google code gadgets site explanation:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Is the one on oauthgoog just typo or do they have different meaning?
> >
> >
> > [2] xoauth_public_key
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_key_rotation.html
> >
> > Public Key Identifier should be specified using "xoauth_public_key".
> > Same on google code gadgets site.
> > But actual implementation in Shindig seems like using
> > "xoauth_signature_publickey".
> >
> > Which is correct or should they be treated differently?
> >
> > [3] xoauth_app_url
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_gadget_extension.html
> >
> > App url should be specified using "xoauth_app_url". But it looks like
> > there's "opensocial_app_url" mentioned on google code gadgets site.
> > Shindig is implemented with "opensocial_app_url" too.
> >
> > Which is correct or should they be treated differently?
> >
> >
> > Thanks in advance.
> >
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
