OAuth2CallbackServlet

Serves as the redirect_uri endpont for the Authorization Code flow.

The OAuth2Callback servlet relies on the OAuth2Store and the "state" of the request/response to lookup the OAuth2Accessor that was used to initiate the authorization request.  Therefore it is required that the OAuth2Store has the same data in the servlet and BasicOAuth2Request and that the OAuth2 service provider correctly maintains the state (as required by the spec.)

Key Class

    org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet

  

Extending/Overriding

Callback/Redirect processing can be extended by changing the OAuth2Store implementation or injecting a new AuthorizationEndpontResponseHandler

    private transient List<AuthorizationEndpointResponseHandler> authorizationEndpointResponseHandlers;
    private transient OAuth2Store store;

  

You can also change the mapping in web.xml and the shindig.oauth2.global-redirect-uri in shindig.properties to add your own callback endpoint.