Signed Requests are not yet supported by Google Friend Connect - this is
coming in a future release.
On Thu, Dec 18, 2008 at 9:39 AM, Peter Svensson <psvens...@gmail.com> wrote:
> John,
> thanks for the idea. That might be good enough security, but consider that
> you're open to bots (or humans) registering themselves with stolen ids.
> I would prefer if Google provided a simple functionality to authenticate
> users, a kind of 'quick path', since it would be so usable, and is asked
> from many different corners.
>
> Cheers,
> PS
>
>
> On Thu, Dec 18, 2008 at 6:08 PM, John Weidner <studyst...@gmail.com>wrote:
>
>>
>> I just wrote a custom gadget that prompts for a username and
>> password. Then I use makeRequest to send these credentials along
>> with their open social viewerId. On the server side, if the username
>> and password are correct, I store the viewerId in my user database for
>> that user. So now I know the viewerId for these users. But I'm
>> currently doing this without signed authentication.
>>
>> On Dec 15, 7:19 am, psvensson <psvens...@gmail.com> wrote:
>> > I just want to report back to my server the unique friend connect id
>> > and basic info of the current viewer. How hard can it be?
>> >
>> > I might not have understood how to do this correctly, but here's what
>> > I have done;
>> >
>> > 1. I have made sure that friend connect works on my site canvas, rpc-
>> > html, basic widgets and all that jazz.
>> > 2. I have made a simple custom widget, I call osaccess.xml which gets
>> > pulled in OK (Which I can see in firebug. It's of course proxied by a
>> > google server, but the content that gets in the browser is the same
>> > that I wrote).
>> > 3. From JS inside that custom widget, I make a request back to my
>> > server. It works fine if I use NONE as authorizationtype.
>> > 4. When I switch to SIGNED, I want to utilize that the google proxy
>> > guarantees id, and packs a lot of good info about the user/viewer.
>> >
>> > The code looks like this;
>> >
>> > function foo()
>> > {
>> > .....
>> > var params = {};
>> > params[gadgets.io.RequestParameters.CONTENT_TYPE] =
>> > gadgets.io.ContentType.TEXT;
>> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
>> > gadgets.io.AuthorizationType.SIGNED;
>> > params[gadgets.io.RequestParameters.REFRESH_INTERVAL]
>> > = 5;
>> > var url = "http://howtobethechange.appspot.com/
>> > osaccess/";
>> > console.log("calling url... '"+url+"'");
>> > gadgets.io.makeRequest(url, reqcb, params);
>> > };
>> >
>> > function reqcb(data)
>> > {
>> > console.log("reqcb called....");
>> > console.dir(data);
>> > }
>> >
>> > The reqcb always reply "404: not found" when I use SIGNED.
>> >
>> > What is it that is not found?
>> >
>> > Where can I read about examples on how to set this up. It seems to be
>> > the absolutely single first, top of mind, thing that any pgroammer
>> > want to do and sort of _the whole point_ of friend connect - to report
>> > back the certified user id of the current viewer to the site hosting
>> > the widgets.
>> >
>> > What am I missing?
>> >
>> > I should point out that I have registered my site athttps://
>> www.google.com/accounts/ManageDomains, using a x.509 PEM
>> > certificate. It feels like there is a 'magic' url I have to provide
>> > (though I can't find any access from any google proxies or anything
>> > else when running the script).
>> >
>> > Very thankful for any advice.
>> >
>> > Cheers,
>> > PS
>>
>>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
