Hi, I will create a JIRA ticket and try to provide a patch.
Thanks,
Thorsten

On 08.10.2012 22:12, Daniel Kulp wrote:
> On Oct 8, 2012, at 9:34 AM, Thorsten Höger <[email protected]> wrote:
>
>> Hi,
>>
>> after using the OAuth 2.0 implementation for a while now I wanted to
>> give some feedback.
>>
>> In general I really like the implementation and it works very well.
>> The support for ResourceOwnerAuth and the RefreshToken are very nice.
>>
>> There are only two features I was missing:
>>
>> 1) In the AuthorizationCodeGrantService there are two private methods
>> using sessions to store and retrieve the sessionAuthenticityToken. It
>> would be nice to be able to change the storage.
>> I had to create a deep copy of this class to use some other session store.
> There's likely a bunch of places where things could be marked protected to
> help make things more usable from subclasses. Patches toward those goals are
> usually accepted fairly quickly. These are the types of things that are
> generally better to be done by someone actually creating the subclass as it's
> sometimes hard for us to really see where someone may need an extension
> point. Definitely create a JIRA issue and supply a patch if you can.
>
> Dan
>
>> 2) I found no way to get the Bearer token and the authorized client via
>> the injected MessageContext. I copied the OAuthRequestFilter and put the
>> AccessTokenValidation into the message which worked perfectly. Maybe
>> this could be done by default.
>>
>> Regards,
>>
>> Thorsten Höger
