shindig-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Davies (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHINDIG-1672) The HttpRequest object is not available to GrantRequestHandlers
Date Tue, 31 Jan 2012 15:00:11 GMT

     [ https://issues.apache.org/jira/browse/SHINDIG-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Doug Davies updated SHINDIG-1672:
---------------------------------

    Description: 
It would be nice if the GrantRequestHandler had access to the original request object so that
it could use values like the security token to pass along additional params to the authorization
code request.  In our implementation we set values within the security token's trusted json
field that we'd like to pass along to our GrantRequestHandler implementation.

NEW USECASE (1/31/12): 

Allow additional parameters to be appended to both the auth code request (query string) and
access token request (body).  

** If the other 2 flows need to be updated that can be done as well, but I don't know enough
about those flows to know where to plug in.

Remove these lines

for (Map.Entry<String, String> entry : accessor.getAdditionalRequestParams().entrySet())
{
   request.setParam(entry.getKey(), entry.getValue());
}

>From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and StandardAuthenticationHandler.

Leave the one in CodeGrantTypeHandler to support the additional parameters on the auth code
request.

THEN...add these lines to CodeAuthorizationResponseHandler:getAuthorizationBody to handle
the access token request

(right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )

for (Map.Entry<String, String> entry : accessor.getAdditionalRequestParams().entrySet())
{
   queryParams.put(entry.getKey(), entry.getValue());
}



  was:It would be nice if the GrantRequestHandler had access to the original request object
so that it could use values like the security token to pass along additional params to the
authorization code request.  In our implementation we set values within the security token's
trusted json field that we'd like to pass along to our GrantRequestHandler implementation.


Please see updated use-case. I've discussed these changes with Li Xu and he is going to review.
                
> The HttpRequest object is not available to GrantRequestHandlers
> ---------------------------------------------------------------
>
>                 Key: SHINDIG-1672
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1672
>             Project: Shindig
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: 3.0.0
>            Reporter: Doug Davies
>             Fix For: 3.0.0
>
>
> It would be nice if the GrantRequestHandler had access to the original request object
so that it could use values like the security token to pass along additional params to the
authorization code request.  In our implementation we set values within the security token's
trusted json field that we'd like to pass along to our GrantRequestHandler implementation.
> NEW USECASE (1/31/12): 
> Allow additional parameters to be appended to both the auth code request (query string)
and access token request (body).  
> ** If the other 2 flows need to be updated that can be done as well, but I don't know
enough about those flows to know where to plug in.
> Remove these lines
> for (Map.Entry<String, String> entry : accessor.getAdditionalRequestParams().entrySet())
{
>    request.setParam(entry.getKey(), entry.getValue());
> }
> From BasicAuthenticationHandler, ClientCredentialsGrantTypeHandler, and StandardAuthenticationHandler.
> Leave the one in CodeGrantTypeHandler to support the additional parameters on the auth
code request.
> THEN...add these lines to CodeAuthorizationResponseHandler:getAuthorizationBody to handle
the access token request
> (right after queryParams.put(OAuth2Message.CLIENT_SECRET, secret); )
> for (Map.Entry<String, String> entry : accessor.getAdditionalRequestParams().entrySet())
{
>    queryParams.put(entry.getKey(), entry.getValue());
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message