...

You can add OAuth2 support to protect your Social APIs by using an AuthenticationHandlerProvider that provides the OAuth2AuthenticationhandlerOAuth2AuthenticationHandler.  The OAuth2AuthenticationHandler ensures that requests for protected resources (the Social REST APIs) include valid access tokens.

You can disable the OAuth2 access token and authorization endpoints by removing mappings for the OAuth2Servlet in the Shindig web.xml

If your AuthenticationHandlerProvider doesn't return the OAuth2AuthenticationHandler, your resources won't be protected by OAuth2access tokens will not be checked when clients access protected resources (the Social REST APIs).

Future Considerations

Currently, the entire OAuth 2.0 implementation is located in a single package within Shindig's social-api module.  We need to determine the most appropriate way to integrate this package into shindig.  We could integrate this package into social-api following the existing patterns, or it may even be broken out as an entirely new module within Shindig.  To be determined...

...