You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Amit Murthy <am...@gmail.com> on 2009/08/10 09:18:41 UTC

BlobCrypterSecurityToken.java question

Hi,

Could someone please explain why the BlobCrypterSecurityToken does not
return the actual AppId? And why isn't the AppId part of the encrypted
token?

Code snippet from BlobCrypterSecurityToken.java

  // Legacy value for signed fetch, opensocial 0.8 prefers
opensocial_app_url
  public String getAppId() {
    return appUrl;
  }

Regards,
  Amit

Re: BlobCrypterSecurityToken.java question

Posted by Amit Murthy <am...@gmail.com>.

Thanks.

I was under the mistaken impression that the the token format is sort of
cast in stone. And for some time was confused by the differing formats
between
BlobCrypter and BasicCrypter!

  Amit

On Mon, Aug 10, 2009 at 10:15 PM, Brian Eaton <be...@google.com> wrote:

> On Mon, Aug 10, 2009 at 12:18 AM, Amit Murthy<am...@gmail.com>
> wrote:
> > Could someone please explain why the BlobCrypterSecurityToken does not
> > return the actual AppId? And why isn't the AppId part of the encrypted
> > token?
>
> Can you can extend that token in arbitrary ways; if you want to
> distinguish between app-id and app-url, create your own subclass.
>
> Cheers,
> Brian
>

Re: BlobCrypterSecurityToken.java question

Posted by Brian Eaton <be...@google.com>.

On Mon, Aug 10, 2009 at 12:18 AM, Amit Murthy<am...@gmail.com> wrote:
> Could someone please explain why the BlobCrypterSecurityToken does not
> return the actual AppId? And why isn't the AppId part of the encrypted
> token?

Can you can extend that token in arbitrary ways; if you want to
distinguish between app-id and app-url, create your own subclass.

Cheers,
Brian