...
- The OAuth 2.0 Consumer proposal is the combination of a small number of changes to the gadget spec and gadgets.io.makeRequest() API to allow gadgets running in an OpenSocial container to make proxied HttpRequests to service providers protected by OAuth 2.0.
- The Shindig 3.0.0 Java Reference Implementation is an OAuth 2.0-v21 spec-compliant server-side implementation that supports the Authorization Code (3-legged) and Client Credentials (2-legged) flows.
- It has been tested against Google API, Facebook API and the Shindig Provider developed by Matt and Eric with the "Bearer" Token Type.
- The reference implementation can be extended (via Guice binding injections) to support additional Client Authentication requirements, Grant Types, Token Types, Authorization Responses and Token Responses.
- The default OAuth2Request and OAuth2Store implementations offer the other plugin points required for production-ready OAuth 2.0 deployments: persistence, caching and secret encryption.
Spec Considerations
Currently a gadget declares its intent to use gadgets.io.makeRequest() to access external resources protected by OAuth 1.0 with an <OAuth> Service declaration:
```xml
<!-- Existing OAuth 1.0 definition -->
<ModulePrefs title="Demo 3-legged OAuth to Shindig">
  <OAuth>
    <Service name="shindig">
      <Request url="http://localhost:8080/oauth/requestToken" />
      <Authorization url="http://localhost:8080/oauth/authorize?oauth_callback=http://localhost:8080/gadgets/oauthcallback" />
      <Access url="http://localhost:8080/oauth/accessToken" />
    </Service>
  </OAuth>
  <Require feature="oauthpopup" />
</ModulePrefs>
```
Because OAuth 1.0 and 2.0 are incompatible and the terminology has changed enough, it was decided to create a new <OAuth2> Service declaration.
It has been proposed here and is the basis of the implementation in Shindig. See Proposed Changes Here.
```xml
<!-- Proposed new OAuth 2.0 definition -->
<ModulePrefs title="OAuth2 Demo Gadget -- Authorization Code">
  <OAuth2>
    <!-- name and scope are optional -->
    <Service name="shindig" scope="defaultGadgetScope">
      <!-- authorization and token endpoint urls are optional -->
      <Authorization url="http://localhost:8080/oauth2/authorize" />
      <Token url="http://localhost:8080/oauth2/token" />
    </Service>
  </OAuth2>
  <Require feature="oauthpopup" />
</ModulePrefs>
```
<Authorization> and <Token> URLs are optional in the gadget ModulePrefs. If they are not explicitly defined in the gadget ModulePrefs they must be bound on the server. OAuth 2.0 gadget-to-endpoint binding is left up to the server implementation.
After a gadget has declared its intent to access OAuth 2.0 protected resources with the <OAuth2> service declaration, it can use gadgets.io.makeRequest() in a manner almost identical to OAuth 1.0. This assumes that the Authorization and Token endpoints have been bound correctly on the server and that the correct OAuth 2.0 clients are registered with the proxying service.
```javascript
// $() and showOneSection() are assumed to be helpers defined elsewhere in the gadget.
function fetchData() {
  // Resource protected by OAuth 2.0; the container proxies this request.
  var url = "http://localhost:8080/social/rest/people/@me/@friends/";
  var params = {};
  params[gadgets.io.RequestParameters.CONTENT_TYPE] =
      gadgets.io.ContentType.TEXT;
  params[gadgets.io.RequestParameters.AUTHORIZATION] =
      gadgets.io.AuthorizationType.OAUTH2;
  params[gadgets.io.RequestParameters.METHOD] =
      gadgets.io.MethodType.GET;
  // Must match the <Service name="..."> declared in the gadget's ModulePrefs.
  params[gadgets.io.RequestParameters.OAUTH_SERVICE_NAME] = "shindig";
  // Scope for this request; it takes the place of the gadget's default scope.
  params[gadgets.io.RequestParameters.OAUTH_SCOPE] = "requestScopeOverridesGadgetDefault";
  params[gadgets.io.RequestParameters.REFRESH_INTERVAL] = "0";
  gadgets.io.makeRequest(url, function (response) {
    if (response.oauthApprovalUrl) {
      // The user has not approved access yet: offer the approval popup,
      // then retry the request once the popup closes.
      var onOpen = function() {
        showOneSection('waiting');
      };
      var onClose = function() {
        fetchData();
      };
      var popup = new gadgets.oauth.Popup(response.oauthApprovalUrl,
          null, onOpen, onClose);
      $('personalize').onclick = popup.createOpenerOnClick();
      $('approvaldone').onclick = popup.createApprovedOnClick();
      showOneSection('approval');
    } else if (response.data) {
      // Insert the response as a text node so it is never parsed as HTML.
      $('main').appendChild(document.createTextNode(response.data));
      showOneSection('main');
    } else {
      var whoops = document.createTextNode(
          'OAuth error: ' + response.oauthError + ': ' +
          response.oauthErrorText);
      $('main').appendChild(whoops);
      showOneSection('main');
    }
  }, params);
}
```
The AuthorizationType.OAUTH2 and RequestParameters.OAUTH_SCOPE are additions for OAuth 2.0 support and need to be proposed.
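The following added example (not Shindig code and not part of the proposal) sketches how a proxying container could resolve the effective endpoints and scope for one makeRequest() call from the rules above: request scope over gadget default, gadget-declared URLs if present, otherwise the server-side binding. The function names, the `serverBindings` table, the `''` default service key and the `example.test` URLs are assumptions; the HTTPS check is included because bearer tokens depend on transport security.

```javascript
// Added example, not Shindig code. All function and field names are hypothetical.
// Constructed sample: endpoints an administrator bound per gadget URI + service name.
const serverBindings = {
  'http://example.test/gadget.xml|shindig': {
    authorizationUrl: 'https://provider.example.test/oauth2/authorize',
    tokenUrl: 'https://provider.example.test/oauth2/token'
  }
};

// Authorization codes, client secrets and bearer tokens cross these links, so
// require https; plain http is accepted only for a loopback development host.
function isAcceptableEndpoint(urlString) {
  let u;
  try { u = new URL(urlString); } catch (e) { return false; }
  if (u.protocol === 'https:') return true;
  return u.protocol === 'http:' && ['localhost', '127.0.0.1'].includes(u.hostname);
}

// declared: the gadget's <OAuth2><Service> entries keyed by name.
// requestParams: the OAUTH_SERVICE_NAME / OAUTH_SCOPE values passed to makeRequest().
function resolveOAuth2Request(gadgetUri, declared, requestParams) {
  const name = requestParams.OAUTH_SERVICE_NAME || ''; // '' as default key is an assumption
  const hasService = Object.prototype.hasOwnProperty.call(declared, name);
  if (!hasService) throw new Error('gadget declares no OAuth2 service "' + name + '"');
  const service = declared[name];
  const bound = serverBindings[gadgetUri + '|' + name] || {};
  const resolved = {
    serviceName: name,
    // A scope on the request overrides the gadget-level default scope.
    scope: requestParams.OAUTH_SCOPE || service.scope || '',
    // URLs in ModulePrefs are optional; fall back to the server-side binding.
    authorizationUrl: service.authorizationUrl || bound.authorizationUrl,
    tokenUrl: service.tokenUrl || bound.tokenUrl
  };
  for (const key of ['authorizationUrl', 'tokenUrl']) {
    if (!resolved[key]) throw new Error(key + ' is neither declared nor bound on the server');
    if (!isAcceptableEndpoint(resolved[key])) throw new Error(key + ' must use https');
  }
  return resolved;
}
```

A gadget that declares no endpoints and has no server binding fails closed here instead of issuing an unauthenticated request.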
Running the Demo Gadgets
You will need Google and Facebook accounts and registered applications for these steps....
...