You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Dan Dumont <dd...@us.ibm.com> on 2012/02/01 20:21:24 UTC

OAuthCallbackServlet question

It seems to me like the following logic:

"  window.opener.gadgets.io.oauthReceivedCallbackUrl_ = 
document.location.href;\n"
in the servlet and
if (gadgets.io.oauthReceivedCallbackUrl_) {
  paramData['OAUTH_RECEIVED_CALLBACK'] = 
gadgets.io.oauthReceivedCallbackUrl_;
  gadgets.io.oauthReceivedCallbackUrl_ = null;
}
in makeRequest are vulnerable to timing issues.

Can anyone familiar in this area confirm?   Is it possible to trigger 2 
OAuth dances at the same time and stop over the callback url?
Should this be something like:

window.opener.gadgets.io.setOAuthReceivedCallbackUrl_(requestid, 
document.location.href);
So that the gadget can register callbacks for each request it might be 
trying to make?