Hey Rajesh, 3 legged OAuth is indeed the right solution here; And no once the user goes through the OAuth flow once (ie get redirected to the social site where he has to click 'Grant FOO.COM access to my data'), you get a long lived token that you can keep using indefinitely, or until it is revoked which in practice hardly ever happens. (So once the flow is complete, you store the oauth token for that session in your database for that user)
The added benefit of using 3 legged oauth is that it has a user associated with the session, so right after the the authentication you can do a REST call to /rest/people/@me/@self to fetch the profile info of your user, and /rest/people/@me/@friends to download his friends list, and you can refresh and use the activities/etc API's this whenever its appropriate in your app using that same long lived oauth token / secret. -- Chris On Wed, Jun 3, 2009 at 12:27 PM, raji <narniraj...@gmail.com> wrote: > > Yes, I agree with you. But with the 2-legged OAuth approach, it seems > like we can access details of a user who has registered with my > gadget. But I dont have any gadget running in any social network. > Still I would just like to get the contacts of any given user. How can > I do that? Should I follow the 3-legged OAuth approach? I have a doubt > regarding 3-legged approach. Here does the user have to submit his > credentials (to the actual social network) each time he wants to > access the data? OR is it a one time setting saved some where in the > user's social network account? > > Thanks, > Rajesh > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---