John,
thanks for the idea. That might be good enough security, but consider that
you're open to bots (or humans) registering themselves with stolen ids.
I would prefer if Google provided a simple functionality to authenticate
users, a kind of 'quick path', since it would be so usable, and is asked
from many different corners.
Cheers,
PS
On Thu, Dec 18, 2008 at 6:08 PM, John Weidner <studyst...@gmail.com> wrote:
>
> I just wrote a custom gadget that prompts for a username and
> password. Then I use makeRequest to send these credentials along
> with their open social viewerId. On the server side, if the username
> and password are correct, I store the viewerId in my user database for
> that user. So now I know the viewerId for these users. But I'm
> currently doing this without signed authentication.
>
> On Dec 15, 7:19 am, psvensson <psvens...@gmail.com> wrote:
> > I just want to report back to my server the unique friend connect id
> > and basic info of the current viewer. How hard can it be?
> >
> > I might not have understood how to do this correctly, but here's what
> > I have done;
> >
> > 1. I have made sure that friend connect works on my site canvas, rpc-
> > html, basic widgets and all that jazz.
> > 2. I have made a simple custom widget, I call osaccess.xml which gets
> > pulled in OK (Which I can see in firebug. It's of course proxied by a
> > google server, but the content that gets in the browser is the same
> > that I wrote).
> > 3. From JS inside that custom widget, I make a request back to my
> > server. It works fine if I use NONE as authorizationtype.
> > 4. When I switch to SIGNED, I want to utilize that the google proxy
> > guarantees id, and packs a lot of good info about the user/viewer.
> >
> > The code looks like this;
> >
> > function foo()
> > {
> > .....
> > var params = {};
> > params[gadgets.io.RequestParameters.CONTENT_TYPE] =
> > gadgets.io.ContentType.TEXT;
> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.SIGNED;
> > params[gadgets.io.RequestParameters.REFRESH_INTERVAL]
> > = 5;
> > var url = "http://howtobethechange.appspot.com/
> > osaccess/";
> > console.log("calling url... '"+url+"'");
> > gadgets.io.makeRequest(url, reqcb, params);
> > };
> >
> > function reqcb(data)
> > {
> > console.log("reqcb called....");
> > console.dir(data);
> > }
> >
> > The reqcb always reply "404: not found" when I use SIGNED.
> >
> > What is it that is not found?
> >
> > Where can I read about examples on how to set this up. It seems to be
> > the absolutely single first, top of mind, thing that any pgroammer
> > want to do and sort of _the whole point_ of friend connect - to report
> > back the certified user id of the current viewer to the site hosting
> > the widgets.
> >
> > What am I missing?
> >
> > I should point out that I have registered my site athttps://
> www.google.com/accounts/ManageDomains, using a x.509 PEM
> > certificate. It feels like there is a 'magic' url I have to provide
> > (though I can't find any access from any google proxies or anything
> > else when running the script).
> >
> > Very thankful for any advice.
> >
> > Cheers,
> > PS
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
