cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: OAuth authorization endpoint - conditional redirect
Date Thu, 08 Jul 2010 16:45:12 GMT
Hi

On Thu, Jul 8, 2010 at 10:54 AM, Łukasz Moreń <lukasz.moren@gmail.com>wrote:

> Hi,
>
> When user makes request to authorization endpoint i.e:
> https://photos.example.net/authorize?oauth_token=hh5s93j4hdidpola
>
> I have to check whether oauth_token is valid. If so redirect to user's
> sign in page, if not redirect to some error page.
>

I'm wondering should the server try to redirect the end user back to the
consumer first, provided the consumer did register a callback ? The consumer
will recognize that no verifier is available and will reply back to the end
user : "can not access your resource because the server thought my request
token was invalid" (just an example), so it will be the responsibility of
the consumer as to what to say if the request token expired or something.

Though if no callback is available then the server will have to reply to the
end user indeed...



> So far I use RequestDispatcherProvider, but I am stuck a bit, hot to
> perform a conditional redirection (i.e. depends on object passed to
> MessageBodyWriter).
> I haven't found any easy way to do that. I can write custom
> RequestDispatcherProvider based on existing one, but maybe there is
> easier way?
>
> Perhaps a simpler option is to handle it by using
Response.seeOther(relativeUri) in a service provider method which does the
validation which will redirect the user to a dedicated method handling
errors...

cheers, Sergey

Thanks for help.
>
> Cheers,
> Lukasz
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message