Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

Still under construction ... more details coming soon ...

OAuth 2.0 Consumer for Apache Shindig

Adam Clarke, Eric Woods, Jeff Hoy, Li Xu and Matthew Marum are implementing support for an OAuth 2.0 Service Consumer in Apache Shindig.  This article provides an overview of the implementation including high level design, supported flows, common How-Tos, and future considerations.

The OAuth 2.0 specification is here: http://tools.ietf.org/html/draft-ietf-oauth-v2-21

Other helpful OAuth 1.0 and OAuth 2.0 information here: http://oauth.net/2/

For more information on the related (but still separate) click here: OAuth 2.0 Service Provider Implementation in Apache Shindig

Also being tracked at https://issues.apache.org/jira/browse/SHINDIG-1624

Overview

  • The OAuth 2.0 Consumer proposal is the combination of a small number of changes to the gadget spec and gadgets.io.makeRequest() API to allow gadgets running in an OpenSocial container to make proxied HttpRequests to service providers protected by OAuth 2.0.
  • The Shindig 3.0.0. Java Reference Implementation is an OAuth 2.0-v21 spec compliant server side implementation that supports Authorization Code (3-legged) and Client Credentials (2-legged) flows.  
  • It has been tested against Google API, Facebook API and the Shindig Provider developed by Matt and Eric with the "Bearer" Token Type.
  • The reference implementation can be extended (via Guice binding injections) to support additional Client Authentication requirements, Grant Types, Token Types, Authorization Responses and Token Responses.
  • The default OAuth2Request and OAuth2Store implementations offer other plugin points required for production-ready OAuth 2.0 deployments.  Persistence, Caching and Secret Encryptpion.
  1. Specification Considerations

  2. Running the Demo Gadgets

  • No labels