Versions Compared

Old Version 18

changes.mady.by.user Adam Clarke

Saved on

compared with

New Version 19

changes.mady.by.user Adam Clarke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Currently a gadget declares it's intent to use gadgets.io.makeRequest() to access external resources protected by OAuth 1.0 with an <OAuth> Service declaration

...

No Format
<!-- Existing OAuth 1.0 definition -->
<ModulePrefs title="Demo 3-legged OAuth to Shindig">   
  <OAuth>     
    <Service name="shindig">       
      <Request url="http://localhost:8080/oauth/requestToken" />       
      <Authorization url="http://localhost:8080/oauth/authorize?oauth_callback=http://localhost:8080/gadgets/oauthcallback" />       
      <Access url="http://localhost:8080/oauth/accessToken" />     
    </Service>
  </OAuth>
  <Require feature="oauthpopup" />
</ModulePrefs>

Because OAuth 1.0 and 2.0 are incompatible  incompatible and some of the terminology has changed enough it was decided to create a new OAuth 2 <OAuth2> Service declaration.

It has been proposed here and is the basis of the implementation in Shindig .     See Proposed Changes Here

...

<Authorization> and <Token> urls are optional in the gadget specModulePrefs.  If they are not explicitly defined in the gadget spec ModulePrefs they must be bound on the server.  OAuth 2.0 gadget-to-endpoint binding is left up to the server implementation.

After a gadget has declared it's intent to access OAuth 2.0 protected resources with the <OAuth2> service declaration it can use the gadgets.io.makeRequest() in a manner almost identical to OAuth 1.0.  This assumes that the Authorization and Token endpoints have been bound correctly on the server and correct OAuth 2.0 clients are registered with the proxying service.

No Format
 function fetchData() {
        url = "http://localhost:8080/social/rest/people/@me/@friends/";
        var params = {};
        params[gadgets.io.RequestParameters.CONTENT_TYPE] =
          gadgets.io.ContentType.TEXT;
        params[gadgets.io.RequestParameters.AUTHORIZATION] =
          gadgets.io.AuthorizationType.OAUTH2;
        params[gadgets.io.RequestParameters.METHOD] =
          gadgets.io.MethodType.GET;
        params[gadgets.io.RequestParameters.OAUTH_SERVICE_NAME] = "shindig";
        params[gadgets.io.RequestParameters.OAUTH_SCOPE] = "requestScopeOverridesGadgetDefault";
        params[gadgets.io.RequestParameters.REFRESH_INTERVAL] = "0";

        gadgets.io.makeRequest(url, function (response) {
          if (response.oauthApprovalUrl) {
            var onOpen = function() {
              showOneSection('waiting');
            };
            var onClose = function() {
              fetchData();
            };
            var popup = new gadgets.oauth.Popup(response.oauthApprovalUrl,
                null, onOpen, onClose);
            $('personalize').onclick = popup.createOpenerOnClick();
            $('approvaldone').onclick = popup.createApprovedOnClick();
            showOneSection('approval');
          } else if (response.data) {
            $('main').appendChild(document.createTextNode(response.data));
            showOneSection('main');
          } else {
            var whoops = document.createTextNode(
                'OAuth error: ' + response.oauthError + ': ' +
                response.oauthErrorText);
            $('main').appendChild(whoops);
            showOneSection('main');
          }
        }, params);
      }

...