On Oct 8, 2012, at 9:34 AM, Thorsten Höger <[email protected]> wrote:
> Hi,
>
> after using the OAuth 2.0 implementation for a while now I wanted to
> give some feedback.
>
> In general I really like the implementation and it works very well.
> The support for ResourceOwnerAuth and the RefreshToken are very nice.
>
> There are only two features I was missing:
>
> 1) In the AuthorizationCodeGrantService there are two private methods
> using sessions to store and retrieve the sessionAuthenticityToken. It
> would be nice to be able to change the storage.
> I had to create a deep copy of this class to use some other session store.

There's likely a bunch of places where things could be marked protected to help make things more usable from subclasses. Patches toward those goals are usually accepted fairly quickly. These are the types of things that are generally better to be done by someone actually creating the subclass as it's sometimes hard for us to really see where someone may need an extension point.

Definitely create a JIRA issue and supply a patch if you can.

Dan

> 2) I found no way to get the Bearer token and the authorized client via
> the injected MessageContext. I copied the OAuthRequestFilter and put the
> AccessTokenValidation into the message which worked perfectly. Maybe
> this could be done by default.
>
> Regards,
>
> Thorsten Höger

--
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
