You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by daviesd <da...@oclc.org> on 2012/01/31 16:15:34 UTC

Re: [jira] [Updated] (SHINDIG-1672) The HttpRequest object is not available to GrantRequestHandlers

Li (and anyone else that is interested).  I've reopened SHINDIG-1672 with a
more specific usecase.  As I started using the the auth_code/access_token
flow I discovered that what was previously implemented didn't fully meet my
needs.

I've tested this fix locally and it does what I need it to do.  If the other
flows need this logic someone with more knowledge than I have is going to
have to implement.

Thanks,
doug


On 1/31/12 10:00 AM, "Doug Davies (Updated) (JIRA)" <ji...@apache.org> wrote:

> 
>      [ 
> https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plu
> gin.system.issuetabpanels:all-tabpanel ]
> 
> Doug Davies updated SHINDIG-1672:
> ---------------------------------
> 
>     Description: 
> It would be nice if the GrantRequestHandler had access to the original request
> object so that it could use values like the security token to pass along
> additional params to the authorization code request.  In our implementation we
> set values within the security token's trusted json field that we'd like to
> pass along to our GrantRequestHandler implementation.
> 
> NEW USECASE (1/31/12):
> 
> Allow additional parameters to be appended to both the auth code request
> (query string) and access token request (body).
> 
> ** If the other 2 flows need to be updated that can be done as well, but I
> don't know enough about those flows to know where to plug in.
> 
> Remove these lines
> 
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
>    request.setParam(entry.getKey(), entry.getValue());
> }
> 
> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
> StandardAuthenticationHandler.
> 
> Leave the one in CodeGrantTypeHandler to support the additional parameters on
> the auth code request.
> 
> THEN...add these lines to
> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
> token request
> 
> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
> 
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
>    queryParams.put(entry.getKey(), entry.getValue());
> }
> 
> 
> 
>   was:It would be nice if the GrantRequestHandler had access to the original
> request object so that it could use values like the security token to pass
> along additional params to the authorization code request.  In our
> implementation we set values within the security token's trusted json field
> that we'd like to pass along to our GrantRequestHandler implementation.
> 
> 
> Please see updated use-case. I've discussed these changes with Li Xu and he is
> going to review.
>                 
>> The HttpRequest object is not available to GrantRequestHandlers
>> ---------------------------------------------------------------
>> 
>>                 Key: SHINDIG-1672
>>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1672
>>             Project: Shindig
>>          Issue Type: Bug
>>          Components: Java
>>    Affects Versions: 3.0.0
>>            Reporter: Doug Davies
>>             Fix For: 3.0.0
>> 
>> 
>> It would be nice if the GrantRequestHandler had access to the original
>> request object so that it could use values like the security token to pass
>> along additional params to the authorization code request.  In our
>> implementation we set values within the security token's trusted json field
>> that we'd like to pass along to our GrantRequestHandler implementation.
>> NEW USECASE (1/31/12):
>> Allow additional parameters to be appended to both the auth code request
>> (query string) and access token request (body).
>> ** If the other 2 flows need to be updated that can be done as well, but I
>> don't know enough about those flows to know where to plug in.
>> Remove these lines
>> for (Map.Entry<String, String> entry :
>> accessor.getAdditionalRequestParams().entrySet()) {
>>    request.setParam(entry.getKey(), entry.getValue());
>> }
>> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
>> StandardAuthenticationHandler.
>> Leave the one in CodeGrantTypeHandler to support the additional parameters on
>> the auth code request.
>> THEN...add these lines to
>> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
>> token request
>> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
>> for (Map.Entry<String, String> entry :
>> accessor.getAdditionalRequestParams().entrySet()) {
>>    queryParams.put(entry.getKey(), entry.getValue());
>> }
> 
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators:
> https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
> 
>         
>