You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/09/17 21:41:44 UTC

[jira] Commented: (SHINDIG-609) fix oauth url parameters

    [ https://issues.apache.org/jira/browse/SHINDIG-609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12631900#action_12631900 ] 

Kevin Brown commented on SHINDIG-609:
-------------------------------------

Yes, these definitely need to be fixed to  match the spec. Will we break anything by changing xoauth_signature_publickey to xoauth_public_key? If so, can we just pass both for now without causing other issues?

Adding opensocial_app_url is a no-brainer, and is essential for simplifying the verification process.

> fix oauth url parameters
> ------------------------
>
>                 Key: SHINDIG-609
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-609
>             Project: Shindig
>          Issue Type: Bug
>          Components: Common Components (Java)
>            Reporter: David Primmer
>
> particularly:
> xoauth_signature_publickey / xoauth_public_key
> and 
> opensocial_app_id / xoauth_app_url / opensocial_app_url
> for ref:
> http://groups.google.com/group/opensocial-container/browse_thread/thread/bb5204db2476fbd7
> davep
> On Tue, Sep 16, 2008 at 11:26 PM, Eiji Kitamura <ag...@gmail.com> wrote:
> > Hi,
> >
> >
> > I'm trying to get clearer on OAuth on OpenSocial / Shindig and have a
> > few questions.
> > Sorry if these questions are not appropriate for this list.
> >
> > [1] opensocial_*id
> >
> > According to following document:
> > https://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi
> >
> > OpenSocial container sends OAuth Consumer Request query with
> > * opensocial_ownerid
> > * opensocial_viewerid
> > * opensocial_appid
> >
> > But when I look at google code gadgets site document:
> > http://code.google.com/apis/gadgets/docs/reference/#gadgets.io
> >
> > It's said to send following query params which names are slightly different:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Actual Shindig implementation looks like sending queries same as
> > google code gadgets site explanation:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> >
> > Is the one on oauthgoog just typo or do they have different meaning?
> >
> >
> > [2] xoauth_public_key
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_key_rotation.html
> >
> > Public Key Identifier should be specified using "xoauth_public_key".
> > Same on google code gadgets site.
> > But actual implementation in Shindig seems like using
> > "xoauth_signature_publickey".
> >
> > Which is correct or should they be treated differently?
> >
> > [3] xoauth_app_url
> >
> > According to following proposal:
> > http://dirk.balfanz.googlepages.com/oauth_gadget_extension.html
> >
> > App url should be specified using "xoauth_app_url". But it looks like
> > there's "opensocial_app_url" mentioned on google code gadgets site.
> > Shindig is implemented with "opensocial_app_url" too.
> >
> > Which is correct or should they be treated differently?
> >
> >
> > Thanks in advance.
> >

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.