Posted to dev@shindig.apache.org by "Jacky Wang (JIRA)" <ji...@apache.org> on 2009/02/06 12:29:59 UTC

[jira] Issue Comment Edited: (SHINDIG-897) Add 3-legged OAuth validation support for RESTful api

    [ https://issues.apache.org/jira/browse/SHINDIG-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671055#action_12671055 ] 

chaowang edited comment on SHINDIG-897 at 2/6/09 3:29 AM:
------------------------------------------------------------

This new patch is targeting the support for 3-legged OAuth validation.  It includes:

1. Remove the "hasUserInstalledApp()" logic from OAuthConsumerRequestAuthenticationHandler - this ACL function should be delegated to the implementation of underlying 3 OpenSocial services.

2. Modify OAuthLookupService to expose only 1 API "getSecurityToken" that verifies the incoming OAuth request and generates the security token if it's valid.  The real validation work is delegated to a new OAuthDataStore interface, which is injected when SampleContainerOAuthLookupService is initialized.  This delegation model is consistent with PHP Shindig's.

3. Define OAuthDataStore as API (and its implementation SampleOAuthDataStore) to handle all OAuth consumer/accessor/token issues.  This API should fit in easily as an OAuth provider's facility.

2-legged OAuth validation has been tested against OpenSocial-Client Java Lib (http://opensocial-java-client.googlecode.com).
3-legged OAuth one has been tested against a reference implementation (http://term.ie/oauth/example/client.php).

      was (Author: chaowang):
    Supports validation for 3-legged OAuth.

This patch includes:

1. Remove the "hasUserInstalledApp()" logic from OAuthConsumerRequestAuthenticationHandler - this ACL function is delegated to the implementation of underlying 3 OpenSocial services.

2. Modify OAuthLookupService to expose only 1 API "getSecurityToken" that verifies the incoming OAuth request and generates the security token if it's valid.  The real validation work is delegated to a new OAuthDataStore interface, which is injected when SampleContainerOAuthLookupService is initialized.  This delegation model is consistent with PHP Shindig's.

3. Define OAuthDataStore as API (and its implementation SampleOAuthDataStore) to handle all OAuth consumer/accessor/token issues.  This API should fit in easily as an OAuth provider's facility.

2-legged OAuth validation has been tested against OpenSocial-Client Java Lib (http://opensocial-java-client.googlecode.com).
3-legged OAuth one has been tested against a reference implementation (http://term.ie/oauth/example/client.php).
  
> Add 3-legged OAuth validation support for RESTful api
> -----------------------------------------------------
>
>                 Key: SHINDIG-897
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-897
>             Project: Shindig
>          Issue Type: Improvement
>          Components: RESTful API (Java)
>            Reporter: Jacky Wang
>            Priority: Minor
>         Attachments: add-3-legged-oauth.patch, supports-3-legged-oauth-validation.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> RESTful API now supports 2-legged OAuth, and we'd like to see it support validation for requests issued by 3-legged OAuth client.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.