Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
- 2.5.0-beta1
- None
Description
Currently the OAuth2 Consumer stores access/refresh tokens per gadget, per user.
I have received comments that it would be convenient to allow a set of Gadgets to share a token per user, improving the user experience for a group of OAuth2 dependent gadgets by not triggering additional opt-ins.
Technically this is possible to implement with a custom OAuth2Store or OAuth2Persister but it would be nice to formalize it in shindig and the sample persistence plugin.
When an administrator creates an OAuth2Client they can specify that the client is shared.
"shindig_client1" : {
  "providerName" : "shindigOAuth2Provider",
  "type" : "confidential",
  "grant_type" : "code",
  "client_id" : "shindigClient",
  "client_secret" : "U78KJM98372AMGL87612993M",
  "sharedToken" : "true"
},
(If the value is not specified the default will be "false", keeping the current behavior.)
In this case any gadget bound to the "shindig_client1" client will use the same access/refresh token for the user.
Administrators should take extra care when binding sharedToken clients.
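The effect of "sharedToken" on token lookup, as an added sketch that is not Shindig's code and does not use its OAuth2Store or OAuth2Persister API. The key layout, the TokenStore class, the "unshared_client" entry and the gadget URLs are assumptions made for illustration.

```python
import json

# Constructed sample: the first entry mirrors the client in the description
# (secret omitted); "unshared_client" is made up to show the default.
CLIENTS = json.loads("""
{
  "shindig_client1": {"providerName": "shindigOAuth2Provider",
                      "client_id": "shindigClient", "sharedToken": "true"},
  "unshared_client": {"providerName": "shindigOAuth2Provider",
                      "client_id": "otherClient"}
}
""")

def is_shared(client):
    # The flag is a string in the config; a missing value means "false",
    # which keeps the per-gadget, per-user behaviour.
    return str(client.get("sharedToken", "false")).lower() == "true"

def token_key(client_name, gadget_uri, user):
    """Hypothetical store key: a shared client drops the gadget from the key."""
    if is_shared(CLIENTS[client_name]):
        return ("shared", client_name, user)
    return ("gadget", client_name, gadget_uri, user)

class TokenStore:
    """In-memory stand-in for a persister, keyed by token_key()."""
    def __init__(self):
        self._tokens = {}

    def put(self, client_name, gadget_uri, user, token):
        self._tokens[token_key(client_name, gadget_uri, user)] = token

    def get(self, client_name, gadget_uri, user):
        return self._tokens.get(token_key(client_name, gadget_uri, user))

def demo():
    a, b = "http://example.test/a.xml", "http://example.test/b.xml"
    store = TokenStore()
    # Gadget A completes the opt-in once for each client.
    store.put("shindig_client1", a, "alice", "tok-shared")
    store.put("unshared_client", a, "alice", "tok-a")
    return {
        # Gadget B never ran the flow, yet reads alice's token via the shared client.
        "shared_other_gadget": store.get("shindig_client1", b, "alice"),
        # Without the flag, gadget B has no token and must trigger its own opt-in.
        "unshared_other_gadget": store.get("unshared_client", b, "alice"),
        # Sharing is still per user: bob gets nothing from alice's grant.
        "shared_other_user": store.get("shindig_client1", b, "bob"),
    }

if __name__ == "__main__":
    print(demo())
```

Every gadget bound to a shared client can act with a grant the user gave to a different gadget, which is why the binding list for such a client is what needs review.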