cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: OAuth authorization endpoint - conditional redirect
Date Thu, 08 Jul 2010 17:20:38 GMT
On Thu, Jul 8, 2010 at 6:06 PM, Łukasz Moreń <lukasz.moren@gmail.com> wrote:

> Hi,
>
> > I'm wondering should the server try to redirect the end user back to the
> > consumer first, provided the consumer did register a callback ? The
> consumer
> > will recognize that no verifier is available and will reply back to the
> end
> > user : "can not access your resource because the server thought my
> request
> > token was invalid" (just an example), so it will be the responsibility of
> > the consumer as to what to say if the request token expired or something.
> >
> > Though if no callback is available then the server will have to reply to
> the
> > end user indeed...
>
> I got suggested by current OAuth providers, i.e. google or twitter
> show information about invalid request on the server side.
> Approach that error response is sent to the client is I think included
> in current OAuth 2.0 spec. Hovewer callback_uri is required there
> either through preregistration or request parameter, in 1.0, as you
> mentioned may not be available.
>
> I would go with server response to the user as it solves both cases
> where callback is available or not.
> WDYT?
>
> please do

cheers, Sergey



> >
> >
> >
> >> So far I use RequestDispatcherProvider, but I am stuck a bit, hot to
> >> perform a conditional redirection (i.e. depends on object passed to
> >> MessageBodyWriter).
> >> I haven't found any easy way to do that. I can write custom
> >> RequestDispatcherProvider based on existing one, but maybe there is
> >> easier way?
> >>
> >> Perhaps a simpler option is to handle it by using
> > Response.seeOther(relativeUri) in a service provider method which does
> the
> > validation which will redirect the user to a dedicated method handling
> > errors...
>
> Thanks, that's simpler way:).
>
> Cheers,
> Lukasz
>
> >
> > cheers, Sergey
> >
> > Thanks for help.
> >>
> >> Cheers,
> >> Lukasz
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message