jsonrpctransport.js is using shindig.auth.getSecurityToken(). This is
great if the json rpc request is coming from the container. However,
not if it's coming from the gadget. For example let's say my gadget is
calling userprefs
osapi.appdata.update({
userid : '@me',
groupid : '@self',
appId : '@app',
data : data
})
This instruct the request to use the appid from the security token
passed in on the call. But this will end up using the appid that was
set by the container, not by the gadget. Should this be using the
security token of the gadget?
I've posed this as a more general usage question over in users but I
thought maybe the devs would have a better idea of why this is coded
this way.
Doug
