Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0


The OAuth service provider code in Shindig needs changes as well, but they are relatively minor compared to the consumer-side changes and will not be discussed in this document.


Assumption: Removed is an accurate description of the new OAuth spec.


<Authorization url=" Removed" />

Even if the author doesn't include the callback URL in their spec, they may still add an oauth_callback parameter in javascript at runtime:

approvalUrl = approvalUrl + "&oauth_callback=http://mycustomcallback.comImage Removed";

That flexibility is no longer possible with the new OAuth spec, because the callback URL is now a critical part of the security of the protocol.


Shindig will send a request token request to the service provider and include the additional parameter: oauth_callback=<callback URL>. For example

oauth_callback= Removed

The callback URL will be generated as follows:


The callback request will arrive at the callback servlet, looking something like this: Removed<callback-state>&oauth_verifier=<callback-token>