Serves as the redirect_uri endpont for the Authorization Code flow.
The OAuth2Callback servlet relies on the OAuth2Store and the "state" of the request/response to lookup the OAuth2Accessor that was used to initiate the authorization request. Therefore it is required that the OAuth2Store has the same data in the servlet and BasicOAuth2Request and that the OAuth2 service provider correctly maintains the state (as required by the spec.)
Key Class
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet
Extending/Overriding
Callback/Redirect processin can be extended by changing the OAuth2Store implementation or injecting a new AuthorizationEndpontResponseHandler
private transient List<AuthorizationEndpointResponseHandler> authorizationEndpointResponseHandlers; private transient OAuth2Store store;
You can also change the mapping in web.xml and the shindig.oauth2.global-redirect-uri in shindig.properties to add your own callback endpoint.