...
OAuth 2.0 support is ENABLED by default. However, clients can still anonymously access the Social APIs using the default AuthenticationHandlerProvider. To prevent anonymous access to Shindig's Social APIs, modify the existing one or create your own AuthenticationHandlerProvider. See the How-Tos section below for details.
For more information on an click here OAuth 2.0 Service Consumer Implementation in Apache Shindig click here
High Level Design
All OAuth 2.0 requests are received by the OAuth2Servlet. Per the spec, there are two OAuth 2.0 related endpoints: /oauth/authorize and /oauth/token. The request is quickly delegated to either the OAuth2AuthorizationHandler or the OAuth2TokenHandler accordingly.
...