  1. Shindig
  2. SHINDIG-1711

OAuth2 access tokens being removed from OAuth2Store when request returns any 4xx response

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5.0-beta1
    • 2.5.0-beta1
    • Java

    Description

      If the URL to which a gadget is doing a makeRequest doesn't exist, i.e., returns a 404 to the Shindig server, the access token is being removed from the OAuth2 Store. This functionality is implemented here: org.apache.shindig.gadgets.oauth2.BasicOAuth2Request.fetchFromServer(OAuth2Accessor, HttpRequest)

      fetchFromServer is checking only if the response code is 4xx, and if so, it is removing the access token from the store. This seems right for 401 or 403 return codes, perhaps, but not for 404. The behavior for an end user would then be that they have to do the OAuth dance again next time the gadget tries to access a resource.

      The proposal is to change the current implementation to look explicitly for 401 or 403 response codes in fetchFromServer instead of looking for any 4xx.

      Attachments

        1. OAuth2_4xx_v2.patch
          0.7 kB
          Stanton Sievers
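
The two checks contrasted in the description, side by side, as an added example that is neither Shindig's code nor the attached patch. TokenStore, afterResponse, the gadget name and the sample status codes are hypothetical stand-ins constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.IntPredicate;

// Added illustration; hypothetical names, not Shindig's OAuth2Store or BasicOAuth2Request.
public class TokenEvictionDemo {

    // Behaviour described in the report: any 4xx response drops the stored token.
    static final IntPredicate ANY_4XX = code -> code >= 400 && code < 500;

    // Proposed behaviour: only 401 and 403 drop the stored token.
    static final IntPredicate AUTH_FAILURE_ONLY = code -> code == 401 || code == 403;

    // Minimal stand-in for a per-gadget access token store.
    static final class TokenStore {
        private final Map<String, String> tokens = new HashMap<>();
        void put(String gadget, String token) { tokens.put(gadget, token); }
        boolean has(String gadget) { return tokens.containsKey(gadget); }
        void remove(String gadget) { tokens.remove(gadget); }
    }

    // Applies an eviction policy after a proxied request; returns true if the token was removed.
    static boolean afterResponse(TokenStore store, String gadget, int status, IntPredicate evictOn) {
        if (store.has(gadget) && evictOn.test(status)) {
            store.remove(gadget);
            return true;
        }
        return false;
    }

    public static void main(String[] args) {
        int[] statuses = {200, 404, 400, 429, 401, 403}; // constructed sample responses
        for (int status : statuses) {
            TokenStore before = new TokenStore();
            TokenStore after = new TokenStore();
            before.put("gadget-1", "constructed-token");
            after.put("gadget-1", "constructed-token");
            boolean evictedOld = afterResponse(before, "gadget-1", status, ANY_4XX);
            boolean evictedNew = afterResponse(after, "gadget-1", status, AUTH_FAILURE_ONLY);
            System.out.printf("HTTP %d  any-4xx: %-7s 401/403-only: %s%n",
                status, evictedOld ? "evicted" : "kept", evictedNew ? "evicted" : "kept");
        }
    }
}
```

Under the any-4xx check the 404, 400 and 429 rows each cost the user a stored token and a repeat of the OAuth dance; under the 401/403 check only the two authorization failures do.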

          People

            ssievers Stanton Sievers
            ssievers Stanton Sievers