Client Authentication

Description

Allows shindig developers to inject a new OAuth 2.0 Client Authentication handler into the flow to add authentication headers/etc. to all requests to the authorization and token enpoints for a provider.  The framework will look for all registered ClientAuthenticationHandlers where the ClientAuthenticationHandler.geClientAuthenticationType() equals the OAuth2Accessor.getClientAuthenticationType() for the BasicOAuth2Request.

Specification References

    http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-2.3

    http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-2.3.1

Key Classes/Intefraces

           
    org.apache.shindig.gadgets.oauth2.handler.ClientAuthenticationHandler

Provided Sample Implementations

   
    org.apache.shindig.gadgets.oauth2.handler.sample.BasicAuthenticationHandler
 
       
    org.apache.shindig.gadgets.oauth2.handler.sample.StandardAuthenticationHandler
     

Module

       
    org.apache.shindig.gadgets.oauth2.handler.sample.OAuth2HandlerModule

  @Provides
  @Singleton
  List<ClientAuthenticationHandler> provideClientAuthenticationHandlers(
      final BasicAuthenticationHandler basicAuthenticationHandler,
      final StandardAuthenticationHandler standardAuthenticationHandler) {
    return ImmutableList.of((ClientAuthenticationHandler) basicAuthenticationHandler,
        (StandardAuthenticationHandler) standardAuthenticationHandler);
  }

Injected Into

       
    org.apache.shindig.gadgets.oauth2.BasicOAuth2Request

 

TODO : Should this be a list?  Like

"client_authentication" : "Basic, MyAuthExtension"