Hi zemi, This can be done using asymmetric key cryptography. For example if abc.com is a service provider and if they wanna add a gadget to google.com(consumer) to offer their services to their clients using google.com. Google signs all requests to service provider using a private key and the service provider uses a public certificate provided by google to verify all the requests originating from google to be authentic and legitimate. This signing and validation of request messages happens at both the ends(consumer and service provider). With this, a prior registration is not required on the service provider side.
A list of open social public certificates are provided in the following link: https://opensocialresources.appspot.com/certificates The following link provides you an insight into implementing signed fetch using asymmetric key cryptography. The same can be used with 3-legged oauth. http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests Note: There is no such 'anonymous consumer key' as per my understanding. If you view the list of public certificates, along with the public certificate a corresponding oauth_consumer_key is provided and is a fixed value. With Regards, R.Vinod Kumar On Fri, Feb 19, 2010 at 5:49 AM, zemi <matusz...@gmail.com> wrote: > Hi everybody, > I need a consumer to request (3-legged) 'request' tokens without > previous registration on provider side. > I've noticed Google and Plaxo support this with 'anonymous' consumer > key? How exactly is this then handled on provider side? Do they create > token only or consumer key also? > Thanks for help folks! > > Regards, > zemi > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to oa...@googlegroups.com. > To unsubscribe from this group, send email to > oauth+unsubscr...@googlegroups.com <oauth%2bunsubscr...@googlegroups.com>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.