You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Paul Lindner <pl...@linkedin.com> on 2009/09/23 20:19:10 UTC
documentation for ActiveUrl in SecurityToken?
Hi,
I was wondering if someone could contribute some documentation for the
activeUrl field used in the security token. It appears that this is used to
allow for proxied callbacks with the OAuth proxy, but I'm still a little
unsure. Any help appreciated.
Thanks
Paul
Re: documentation for ActiveUrl in SecurityToken?
Posted by Brian Eaton <be...@google.com>.
On Wed, Sep 23, 2009 at 12:11 PM, Paul Lindner <li...@inuus.com> wrote:
> The docs describe it as 'The URL being used by the current request'
>
> I assume this means the container specific URL in use for a given security
> token, right?
>
> For example if I display an app on http://example.com/app1/canvas then I
> should store this URL in the activeUrl field in the security token. This is
> then used by the oauth proxy to construct a callback to the the callback,
> right?
It's actually the URL of the request. For example, for a security
token that arrives with a gadgets.io.makeRequest request, it would be
http://randomstring.amodules.com/gadgets/makeRequest.
This doesn't change the size of the token at all, the value is dynamic.
Cheers,
Brian
Re: documentation for ActiveUrl in SecurityToken?
Posted by Paul Lindner <li...@inuus.com>.
The docs describe it as 'The URL being used by the current request'
I assume this means the container specific URL in use for a given security
token, right?
For example if I display an app on http://example.com/app1/canvas then I
should store this URL in the activeUrl field in the security token. This is
then used by the oauth proxy to construct a callback to the the callback,
right?
I'm also a little concerned that this is going to greatly increase the size
of the security token and it means that security tokens cannot be reused
from one page to the next.
I suppose one could embed the view into the security token instead of the
full URL. Then one could construct the activeUrl based on the app Id/Url in
a way that's similar to the way requestNavigateTo() is done...
On Wed, Sep 23, 2009 at 11:57 AM, Brian Eaton <be...@google.com> wrote:
> On Wed, Sep 23, 2009 at 11:19 AM, Paul Lindner <pl...@linkedin.com>
> wrote:
> > I was wondering if someone could contribute some documentation for the
> > activeUrl field used in the security token. It appears that this is used
> to
> > allow for proxied callbacks with the OAuth proxy, but I'm still a little
> > unsure. Any help appreciated.
>
> It's the URL of the request being processed, and that is indeed it's
> purpose. I kind of expected other people to find a use for it,
> though.
>
> There is java doc in the SecurityToken interface, I assume you want
> additional details beyond that...?
>
> Cheers,
> Brian
>
Re: documentation for ActiveUrl in SecurityToken?
Posted by Brian Eaton <be...@google.com>.
On Wed, Sep 23, 2009 at 11:19 AM, Paul Lindner <pl...@linkedin.com> wrote:
> I was wondering if someone could contribute some documentation for the
> activeUrl field used in the security token. It appears that this is used to
> allow for proxied callbacks with the OAuth proxy, but I'm still a little
> unsure. Any help appreciated.
It's the URL of the request being processed, and that is indeed it's
purpose. I kind of expected other people to find a use for it,
though.
There is java doc in the SecurityToken interface, I assume you want
additional details beyond that...?
Cheers,
Brian