Usecase for new handler in dojo.io.bind

[guest]

I am accessing the FlickrAPI via JSONP and ScriptSrcIO. Some parts of the API require authentication, authenticated requests need to be signed.

Signed requests are typically done like this : ​http://www.flickr.com/services/api/auth.howto.desktop.html

Requests signed by making an MD5 hash of the alphabetically sorted request params and their data with a token etc., then adding this as an extra parameter (etc. etc.).

When you use ScriptSrcIO with JSONP and the jsonParamName kwArg option, extra parameters get added during the call to dojo.io.bind, meaning that you cannot accurately sign the request before calling it.

The solution I am thinking of is to add yet another optional parameter to kwArgs, something like :

preFlightHandler: function(query) { final adjustments to Request query }

The preFlightHandler would then be called as the last code able to add parameters to the Request.

It would probably be more convenient to have a Map of the request params passed to the handler, but this would require a big re-write of the bind code, as it starts working with just a query string very early on.

[James Burke]

Looking at this more, I'm not sure this is a good idea. The request signatures for APIs like this (Flickr and AOL's OpenAuth?), require using a shared secret. Normally this shared secret should not be visible, but it will be if used in JavaScript? in the browser.

I do not think we want to encourage that use case, even though it is something I have done before. It also makes another function argument we have to explain in the docs, for a very rare case. So I'm going to mark as wontfix. You can still get sort of what you want by overriding dojo.io.script.attach(), and modifying the URL before the script tag gets attached.