Marvman / gwt-oauth2

Automatically exported from code.google.com/p/gwt-oauth2
Apache License 2.0
0 stars 0 forks source link

Add support for alternative response_types #84

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
A number of OAuth providers prefer response_type=code instead of 
response_type=token (discovered following the links provided in the main page - 
https://code.google.com/p/gwt-oauth2/), and one provider (Clever - 
https://clever.com/developers/docs#identity-api-sso-oauth2-flow-section) 
requires response_type=code - it fails when set to token.  

Unfortunately, token is hardcoded into the AuthRequest, so there is no way for 
me to change the type dynamically, which means that I'll have to grab the code, 
modify one word, and include the modified code in our project.  This is clearly 
not the optimal method.

Thank you!

Original issue reported on code.google.com by rhar...@classworks.com on 29 Sep 2014 at 1:37

GoogleCodeExporter commented 9 years ago
Token is the only supported response type because that's the response type used 
in the JavaScript client-side flow used by the library. The code response type 
would require a server-side component which is out f scope for this library.

Luckily, there are many server-side Java libraries that implement the code 
response type, like https://google-oauth-java-client.googlecode.com

Original comment by jasonhall@google.com on 29 Sep 2014 at 1:49

GoogleCodeExporter commented 9 years ago
Ahh, that's unfortunate - sounds like this will be more complicated than our 
Google SSO implementation.  Thanks for the info and link though!  That should 
be a help

Original comment by rhar...@classworks.com on 29 Sep 2014 at 1:52

GoogleCodeExporter commented 9 years ago

Original comment by jasonhall@google.com on 29 Sep 2014 at 3:08