You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Paul Lindner <li...@inuus.com> on 2010/11/30 21:27:48 UTC
OAuth 2.0 for shindig
I'd like to commit the OAuth 2.0 support for browser -> server RPC calls
available here:
http://codereview.appspot.com/3138041/
This covers this feature request:
https://issues.apache.org/jira/browse/SHINDIG-606
What does this change?
* It allows you to pass the security token as an OAuth 2.0 access token in
the following ways:
POST /rpc?oauth_token=XXXXXXX
POST /rpc
Authorization: OAuth XXXXXXXXX
.. instead of
POST /rpc?st=xxxxxxxx
* jsonrpccontainer now uses the Authorization header to pass the token
instead of the URI.
What might break?
If you have a generic Authorization header filter used in conjunction with
Shindig you might have problems, especially if you're using an OAuth 2.0
Authorization handler. In practice it appears that this is rare.
If no objections this will go in late wednesday.
Paul
--
Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner
Re: OAuth 2.0 for shindig
Posted by Paul Lindner <li...@inuus.com>.
it's in now.
On Wed, Dec 1, 2010 at 5:00 PM, Vincent Siveton <vs...@apache.org> wrote:
> go sounds good
>
> Vincent
>
> 2010/11/30 Paul Lindner <li...@inuus.com>:
> > I'd like to commit the OAuth 2.0 support for browser -> server RPC calls
> > available here:
> >
> > http://codereview.appspot.com/3138041/
> >
> >
> > This covers this feature request:
> >
> > https://issues.apache.org/jira/browse/SHINDIG-606
> >
> >
> > What does this change?
> >
> > * It allows you to pass the security token as an OAuth 2.0 access token
> in
> > the following ways:
> >
> > POST /rpc?oauth_token=XXXXXXX
> >
> > POST /rpc
> > Authorization: OAuth XXXXXXXXX
> >
> > .. instead of
> >
> > POST /rpc?st=xxxxxxxx
> >
> > * jsonrpccontainer now uses the Authorization header to pass the token
> > instead of the URI.
> >
> >
> > What might break?
> >
> > If you have a generic Authorization header filter used in conjunction
> with
> > Shindig you might have problems, especially if you're using an OAuth 2.0
> > Authorization handler. In practice it appears that this is rare.
> >
> >
> > If no objections this will go in late wednesday.
> >
> > Paul
> >
> >
> > --
> > Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner
> >
>
--
Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner
Re: OAuth 2.0 for shindig
Posted by Vincent Siveton <vs...@apache.org>.
go sounds good
Vincent
2010/11/30 Paul Lindner <li...@inuus.com>:
> I'd like to commit the OAuth 2.0 support for browser -> server RPC calls
> available here:
>
> http://codereview.appspot.com/3138041/
>
>
> This covers this feature request:
>
> https://issues.apache.org/jira/browse/SHINDIG-606
>
>
> What does this change?
>
> * It allows you to pass the security token as an OAuth 2.0 access token in
> the following ways:
>
> POST /rpc?oauth_token=XXXXXXX
>
> POST /rpc
> Authorization: OAuth XXXXXXXXX
>
> .. instead of
>
> POST /rpc?st=xxxxxxxx
>
> * jsonrpccontainer now uses the Authorization header to pass the token
> instead of the URI.
>
>
> What might break?
>
> If you have a generic Authorization header filter used in conjunction with
> Shindig you might have problems, especially if you're using an OAuth 2.0
> Authorization handler. In practice it appears that this is rare.
>
>
> If no objections this will go in late wednesday.
>
> Paul
>
>
> --
> Paul Lindner -- lindner@inuus.com -- linkedin.com/in/plindner
>