Hi zemi,
This can be done using asymmetric key cryptography. For example if
abc.com is a service provider and if they wanna add a gadget to
google.com(consumer)
to offer their services to their clients using google.com. Google signs all
requests to service provider using a private key and the service provider
uses a public certificate provided by google to verify all the requests
originating from google to be authentic and legitimate. This signing and
validation of request messages happens at both the ends(consumer and service
provider). With this, a prior registration is not required on the service
provider side.
A list of open social public certificates are provided in the following
link:
https://opensocialresources.appspot.com/certificates
The following link provides you an insight into implementing signed fetch
using asymmetric key cryptography. The same can be used with 3-legged oauth.
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
Note: There is no such 'anonymous consumer key' as per my understanding. If
you view the list of public certificates, along with the public certificate
a corresponding oauth_consumer_key is provided and is a fixed value.
With Regards,
R.Vinod Kumar
On Fri, Feb 19, 2010 at 5:49 AM, zemi <matusz...@gmail.com> wrote:
> Hi everybody,
> I need a consumer to request (3-legged) 'request' tokens without
> previous registration on provider side.
> I've noticed Google and Plaxo support this with 'anonymous' consumer
> key? How exactly is this then handled on provider side? Do they create
> token only or consumer key also?
> Thanks for help folks!
>
> Regards,
> zemi
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to oa...@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
