You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Doug Davies (JIRA)" <ji...@apache.org> on 2011/07/18 16:54:58 UTC

[jira] [Commented] (SHINDIG-1557) jsonrcptransport.js is using the container security token instead of the gadget security token

    [ https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067065#comment-13067065 ] 

Doug Davies commented on SHINDIG-1557:
--------------------------------------

See 

http://markmail.org/message/selyqlacjgz7t7zv
http://markmail.org/message/kjsk6qdrjleomgsp

for more info.

> jsonrcptransport.js is using the container security token instead of the gadget security token
> ----------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1557
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1557
>             Project: Shindig
>          Issue Type: Bug
>          Components: Javascript 
>    Affects Versions: 3.0.0
>            Reporter: Doug Davies
>
> When a gadget makes an rpc request (using common container) the security token returned to the gadget via the st param is not the one being used for the rpc request.  It is using the one generated in the container.  This is probably because the rpc call ends up happening in the context of the container and shindig.auth.getSecurityToken returns that one.  Calls to userprefs and appdata need the gadget security token so the is has the appid and appurl to use as db indexes.  Just having the viewer and owner that is inherited from the container is not enough.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira