shindig-users mailing list archives

From Ronny Roeller <rroel...@gmail.com>
Subject OAuth2+REST API: how to retrieve the viewer?
Date Wed, 23 Nov 2011 08:39:39 GMT
Hi community,

I'm testing the new OAuth2 implementation (3.0.0-beta3). After retrieving
my access-token, I'm sending requests to the REST API but can't figure out
the viewer in my SPIs.

For example:

   1. As user 'sue' I'm requesting an access-token
   2. Shindig gives me the access-token 7173531c-57da-44d7-a4fe-52cae0faa3e1
   3. I request information about user
   'joe': /social/rest/people/joe/@self?access_token=7173531c-57da-44d7-a4fe-52cae0faa3e1
   4. My PersonService decides based on the viewer how much information to
   return (e.g. 'sue' may be an administrator and see more available data
   points).

How could I figure out in my PersonService that the viewer of the request
was 'sue'?

One possible solution I found: I could extend OAuth2Code with the
viewerId and then set the value when creating the accessToken
in OAuth2Service.generateAccessToken(). I use this access token to create a
SecurityToken in OAuth2AuthenticationHandler:getSecurityTokenFromRequest()
[instead of returning the AnonymousSecurityToken].

Does this make sense? What would be the suggested solution approach?

Many thanks,
Ronny
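
Added example, not part of the original message and not Shindig code: a minimal model of the approach the message proposes, where the viewer is bound to the access token when it is issued and looked up again on each REST request. Every class, method and constant name below is hypothetical, and the user ids and admin set are constructed sample data.

```java
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Self-contained model; these types are hypothetical, not Shindig classes.
public class ViewerBoundTokens {
    static final String ANONYMOUS = "-1";  // hypothetical anonymous viewer id

    // Server-side record bound to each opaque access token at issuance.
    record Grant(String viewerId, Instant expiresAt) {}

    static final Map<String, Grant> grants = new ConcurrentHashMap<>();

    // Issuance: the authenticated user who approved the grant becomes the viewer.
    static String issue(String authenticatedUser, long ttlSeconds) {
        String token = UUID.randomUUID().toString();
        grants.put(token, new Grant(authenticatedUser, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    // Request time: the viewer comes only from the stored grant, never from
    // a request parameter. Unknown or expired tokens resolve to anonymous.
    static String resolveViewer(String token) {
        Grant g = token == null ? null : grants.get(token);
        if (g == null || Instant.now().isAfter(g.expiresAt())) {
            if (token != null) grants.remove(token);
            return ANONYMOUS;
        }
        return g.viewerId();
    }

    // Stand-in for a PersonService: the field set depends on the viewer.
    static Set<String> visibleFields(String viewerId, String personId, Set<String> admins) {
        if (admins.contains(viewerId) || viewerId.equals(personId))
            return Set.of("id", "displayName", "emails", "phoneNumbers");
        return Set.of("id", "displayName");
    }

    public static void main(String[] args) {
        Set<String> admins = Set.of("sue");               // constructed sample data
        String sueToken = issue("sue", 3600);
        String staleToken = issue("sue", -1);             // already expired
        for (String t : new String[] {sueToken, staleToken, "not-a-token"}) {
            String viewer = resolveViewer(t);
            System.out.println(viewer + " -> " + new TreeSet<>(visibleFields(viewer, "joe", admins)));
        }
    }
}
```

Only the valid token resolves to 'sue' and the full field set; the expired and unknown tokens fall back to the anonymous viewer and the reduced view of 'joe'.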
