Key Class
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet
Serves as the redirect_uri endpont for the Authorization Code flow.
Extending
Callback/Redirect process can be extended by changing the OAuth2Store implementation or injecting a new AuthorizationEndpontResponseHandler
private transient List<AuthorizationEndpointResponseHandler> authorizationEndpointResponseHandlers;
private transient OAuth2Store store;
You can also change the mapping in web.xml and the shindig.oauth2.global-redirect-uri in shindig.properties to add your own callback endpoint.
OAuth2Callback servlet relies on the OAuth2Store and the "state" of the request/response to lookup the OAuth2Accessor that was used to initiate the authorization request. Therefore it is required that the OAuth2Store has the same data in the servlet and BasicOAuth2Request.