[
https://issues.apache.org/jira/browse/SHINDIG-609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737798#action_12737798
]
Paul Lindner commented on SHINDIG-609:
--------------------------------------
Here's a patch that sends both params for Java. Note that there's another bug
for PHP that's the same thing..
ere's a java patch that preserves the old key and adds the new
diff --git
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
index eb0bc22..6cf9127 100644
---
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
+++
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
@@ -90,7 +90,10 @@ public class OAuthRequest {
protected static final String OPENSOCIAL_PROXIED_CONTENT =
"opensocial_proxied_content";
- protected static final String XOAUTH_PUBLIC_KEY =
"xoauth_signature_publickey";
+ // old and new parameters for the public key
+ // TODO remove OLD in a far future release
+ protected static final String XOAUTH_PUBLIC_KEY_OLD =
"xoauth_signature_publickey";
+ protected static final String XOAUTH_PUBLIC_KEY_NEW =
"xoauth_signature_publickey";
protected static final Pattern ALLOWED_PARAM_NAME =
Pattern.compile("[-:\\...@$*()_\\[\\]:,./]+");
@@ -446,7 +449,8 @@ public class OAuthRequest {
new Parameter(OAuth.OAUTH_CONSUMER_KEY,
realRequest.getSecurityToken().getDomain()));
}
if (accessorInfo.getConsumer().getKeyName() != null) {
- params.add(new Parameter(XOAUTH_PUBLIC_KEY,
accessorInfo.getConsumer().getKeyName()));
+ params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD,
accessorInfo.getConsumer().getKeyName()));
+ params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW,
accessorInfo.getConsumer().getKeyName()));
}
params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0));
params.add(new Parameter(OAuth.OAUTH_TIMESTAMP,
> fix oauth url parameters
> ------------------------
>
> Key: SHINDIG-609
> URL: https://issues.apache.org/jira/browse/SHINDIG-609
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Reporter: David Primmer
>
> particularly:
> xoauth_signature_publickey / xoauth_public_key
> and
> opensocial_app_id / xoauth_app_url / opensocial_app_url
> for ref:
> http://groups.google.com/group/opensocial-container/browse_thread/thread/bb5204db2476fbd7
> davep
> On Tue, Sep 16, 2008 at 11:26 PM, Eiji Kitamura <[email protected]> wrote:
> > Hi,
> >
> >
> > I'm trying to get clearer on OAuth on OpenSocial / Shindig and have a
> > few questions.
> > Sorry if these questions are not appropriate for this list.
> >
> > [1] opensocial_*id
> >
> > According to following document:
> > https://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi
> >
> > OpenSocial container sends OAuth Consumer Request query with
> > * opensocial_ownerid
> > * opensocial_viewerid
> > * opensocial_appid
> >
> > But when I look at google code gadgets site document:
> > http://code.google.com/apis/gadgets/docs/reference/#gadgets.io
> >
> > It's said to send following query params which names are slightly different:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Actual Shindig implementation looks like sending queries same as
> > google code gadgets site explanation:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Is the one on oauthgoog just typo or do they have different meaning?
> >
> >
> > [2] xoauth_public_key
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_key_rotation.html
> >
> > Public Key Identifier should be specified using "xoauth_public_key".
> > Same on google code gadgets site.
> > But actual implementation in Shindig seems like using
> > "xoauth_signature_publickey".
> >
> > Which is correct or should they be treated differently?
> >
> > [3] xoauth_app_url
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_gadget_extension.html
> >
> > App url should be specified using "xoauth_app_url". But it looks like
> > there's "opensocial_app_url" mentioned on google code gadgets site.
> > Shindig is implemented with "opensocial_app_url" too.
> >
> > Which is correct or should they be treated differently?
> >
> >
> > Thanks in advance.
> >
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
