...

How to Enable/Disable OAuth 2.0 Security

Description of Classes

...

You can add OAuth2 support to protect your Social APIs by using an AuthenticationHandlerProvider that provides the OAuth2Authenticationhandler.

You can disable the OAuth2 access token and authorization endpoints by removing mappings for the OAuth2Servlet in the Shindig web.xml

If your AuthenticationHandlerProvider doesn't return the OAuth2AuthenticationHandler, your resources won't be protected by OAuth2.

Future Considerations

Currently, the entire OAuth 2.0 implementation is located in a single package within Shindig's social-api module.  We need to determine the most appropriate way to integrate this package into shindig.  We could integrate this package into social-api following the existing patterns, or it may even be broken out as an entirely new module within Shindig.  To be determined...