Hey Kenny, >From your email I'm not entirely sure what type of application you're building, so that makes it somewhat harder to comment on what the right approach would be, but in a general sense my comment would be that you're thinking the wrong way around for a social app.
In the clasic "a user logs in to my site" type of app you start out knowing something about a user before they can do anything, in a social setting however it's the custodian (social site) that knows something about the user and the user has to grant permission for your app to retrieve that data. Now if you're building a gadget, the way that the user grants permission is by installing the app (and depending on the platform, checking 'yes i grant access'), and you can do tamper-proof calls to your back-end using a signed (gadgets.io.AuthorizationType.SIGNED) gadgets.io.makeRequest() call, then you can do an OAuth check on the incoming URL to verify it's content hasn't been tampered with and is indeed from the social site, and use the query params to discover which user ID the request originated from, http://wiki.opensocial.org/index.php?title=Introduction_to_makeRequest and http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests have more details on how to do this. If however you're building a website that lives on it's own, then you would use the OpenSocial REST API to retrieve information, and OAuth to get permission to that information.. the work flow as I mentioned is the reverse of what you might expect if you come from a clasic web development background, you first go through the OAuth flow where the user has to click 'I want to give <website> access to my information' on the social site before you can learn anything about him/her. There's a number of client libraries available that have implemented this in several languages: <goog_1252495392433> - OpenSocial PHP Client Library<http://code.google.com/p/opensocial-php-client/> - OpenSocial Java Client Library<http://code.google.com/p/opensocial-java-client/> - OpenSocial Python Client Library<http://code.google.com/p/opensocial-python-client/> - OpenSocial Ruby Client Library<http://code.google.com/p/opensocial-ruby-client/> - OpenSocial .NET Client Library<http://code.google.com/p/opensocial-net-client/> - OpenSocial AS3 Client Library<http://code.google.com/p/opensocial-as3-client/> If however you just want to have a login mechanism that can be used to identify a user, also make sure to check out Google Friend Connect: http://code.google.com/apis/friendconnect/ http://code.google.com/apis/friendconnect/getting_started.html Which you can use either as cut-and-paste javascript, or deep integration with your code using the same OpenSocial API's, Hope that helps, -- Chris On Wed, Sep 9, 2009 at 2:37 PM, Kenny Dunn <gkennyd...@gmail.com> wrote: > > I need to be able to securely identify the user on the back end, > preferably with their email address. Does anyone have any example of > this? I know it seems pretty basic, but I'm just getting started. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
