Comment: Migrated to Confluence 4.0

Still under construction ... more details coming soon ...

OAuth 2.0 Consumer for Apache Shindig

...

For more information on the related (but separate) service provider, see: OAuth 2.0 Service Provider Implementation in Apache Shindig

Also being tracked at https://issues.apache.org/jira/browse/SHINDIG-1624

The consumer implementation is v2-21 compliant and was tested against Google, Facebook and the internal Shindig provider documented in this wiki and linked above.

Overview

  • The OAuth 2.0 Consumer proposal combines a small number of changes to the gadget spec and the gadgets.io.makeRequest() API to allow gadgets running in an OpenSocial container to make proxied HttpRequests to service providers protected by OAuth 2.0.
  • The Shindig 3.0.0 Java Reference Implementation is an OAuth 2.0-v21 spec compliant server-side implementation that supports the Authorization Code (3-legged) and Client Credentials (2-legged) flows.
  • It has been tested against Google API, Facebook API and the Shindig Provider developed by Matt and Eric with the "Bearer" Token Type.
  • The reference implementation can be extended (via Guice binding injections) to support additional Client Authentication requirements, Grant Types, Token Types, Authorization Responses and Token Responses.
  • The default OAuth2Request and OAuth2Store implementations offer other plugin points required for production-ready OAuth 2.0 deployments: persistence, caching and secret encryption.
  1. OpenSocial Specification Considerations

  2. Running the Demo Gadgets

  3. OAuth 2.0 Flow Support (NOT DONE)

  4. High Level Design Overview (NOT DONE)

  5. Client Authentication (NOT DONE)

  6. Authorization Response Handling

  7. OAuth2CallbackServlet

  8. Token Response Handling

  9. Grant Types (NOT DONE)

  10. OAuth2CallbackServlet

    Token Types (NOT DONE)

    Token Response Handling
  11. Accessing Protected Resources (NOT DONE)

  12. Access Token Refresh Flow (NOT DONE)

  13. Default Persistence (oauth2.json), Caching and Secret Encryption (NOT DONE)

  14. shindig.properties impacts

  15. web.xml impacts

  16. HOW TO (NOT DONE)

  17. Future Considerations and TODOs