You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by daviesd <da...@oclc.org> on 2012/01/31 16:15:34 UTC
Re: [jira] [Updated] (SHINDIG-1672) The HttpRequest object is not
available to GrantRequestHandlers
Li (and anyone else that is interested). I've reopened SHINDIG-1672 with a
more specific usecase. As I started using the the auth_code/access_token
flow I discovered that what was previously implemented didn't fully meet my
needs.
I've tested this fix locally and it does what I need it to do. If the other
flows need this logic someone with more knowledge than I have is going to
have to implement.
Thanks,
doug
On 1/31/12 10:00 AM, "Doug Davies (Updated) (JIRA)" <ji...@apache.org> wrote:
>
> [
> https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plu
> gin.system.issuetabpanels:all-tabpanel ]
>
> Doug Davies updated SHINDIG-1672:
> ---------------------------------
>
> Description:
> It would be nice if the GrantRequestHandler had access to the original request
> object so that it could use values like the security token to pass along
> additional params to the authorization code request. In our implementation we
> set values within the security token's trusted json field that we'd like to
> pass along to our GrantRequestHandler implementation.
>
> NEW USECASE (1/31/12):
>
> Allow additional parameters to be appended to both the auth code request
> (query string) and access token request (body).
>
> ** If the other 2 flows need to be updated that can be done as well, but I
> don't know enough about those flows to know where to plug in.
>
> Remove these lines
>
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> request.setParam(entry.getKey(), entry.getValue());
> }
>
> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
> StandardAuthenticationHandler.
>
> Leave the one in CodeGrantTypeHandler to support the additional parameters on
> the auth code request.
>
> THEN...add these lines to
> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
> token request
>
> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
>
> for (Map.Entry<String, String> entry :
> accessor.getAdditionalRequestParams().entrySet()) {
> queryParams.put(entry.getKey(), entry.getValue());
> }
>
>
>
> was:It would be nice if the GrantRequestHandler had access to the original
> request object so that it could use values like the security token to pass
> along additional params to the authorization code request. In our
> implementation we set values within the security token's trusted json field
> that we'd like to pass along to our GrantRequestHandler implementation.
>
>
> Please see updated use-case. I've discussed these changes with Li Xu and he is
> going to review.
>
>> The HttpRequest object is not available to GrantRequestHandlers
>> ---------------------------------------------------------------
>>
>> Key: SHINDIG-1672
>> URL: https://issues.apache.org/jira/browse/SHINDIG-1672
>> Project: Shindig
>> Issue Type: Bug
>> Components: Java
>> Affects Versions: 3.0.0
>> Reporter: Doug Davies
>> Fix For: 3.0.0
>>
>>
>> It would be nice if the GrantRequestHandler had access to the original
>> request object so that it could use values like the security token to pass
>> along additional params to the authorization code request. In our
>> implementation we set values within the security token's trusted json field
>> that we'd like to pass along to our GrantRequestHandler implementation.
>> NEW USECASE (1/31/12):
>> Allow additional parameters to be appended to both the auth code request
>> (query string) and access token request (body).
>> ** If the other 2 flows need to be updated that can be done as well, but I
>> don't know enough about those flows to know where to plug in.
>> Remove these lines
>> for (Map.Entry<String, String> entry :
>> accessor.getAdditionalRequestParams().entrySet()) {
>> request.setParam(entry.getKey(), entry.getValue());
>> }
>> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and
>> StandardAuthenticationHandler.
>> Leave the one in CodeGrantTypeHandler to support the additional parameters on
>> the auth code request.
>> THEN...add these lines to
>> CodeAuthorizationResponseHandler:getAuthorizationBody to handle the access
>> token request
>> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
>> for (Map.Entry<String, String> entry :
>> accessor.getAdditionalRequestParams().entrySet()) {
>> queryParams.put(entry.getKey(), entry.getValue());
>> }
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators:
> https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>