Hey Kenny,

>From your email I'm not entirely sure what type of application you're
building, so that makes it somewhat harder to comment on what the right
approach would be, but in a general sense my comment would be that you're
thinking the wrong way around for a social app.

In the clasic "a user logs in to my site" type of app you start out knowing
something about a user before they can do anything, in a social setting
however it's the custodian (social site) that knows something about the user
and the user has to grant permission for your app to retrieve that data.

Now if you're building a gadget, the way that the user grants permission is
by installing the app (and depending on the platform, checking 'yes i grant
access'), and you can do tamper-proof calls to your back-end using a signed
(gadgets.io.AuthorizationType.SIGNED) gadgets.io.makeRequest() call, then
you can do an OAuth check on the incoming URL to verify it's content hasn't
been tampered with and is indeed from the social site, and use the query
params to discover which user ID the request originated from,
http://wiki.opensocial.org/index.php?title=Introduction_to_makeRequest and
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests have
more details on how to do this.

If however you're building a website that lives on it's own, then you would
use the OpenSocial REST API to retrieve information, and OAuth to get
permission to that information.. the work flow as I mentioned is the reverse
of what you might expect if you come from a clasic web development
background, you first go through the OAuth flow where the user has to click
'I want to give <website> access to my information' on the social site
before you can learn anything about him/her.

There's a number of client libraries available that have implemented this in
several languages:
<goog_1252495392433>

   - OpenSocial PHP Client
Library<http://code.google.com/p/opensocial-php-client/>
   - OpenSocial Java Client
Library<http://code.google.com/p/opensocial-java-client/>
   - OpenSocial Python Client
Library<http://code.google.com/p/opensocial-python-client/>
   - OpenSocial Ruby Client
Library<http://code.google.com/p/opensocial-ruby-client/>
   - OpenSocial .NET Client
Library<http://code.google.com/p/opensocial-net-client/>
   - OpenSocial AS3 Client
Library<http://code.google.com/p/opensocial-as3-client/>

If however you just want to have a login mechanism that can be used to
identify a user, also make sure to check out Google Friend Connect:
http://code.google.com/apis/friendconnect/
http://code.google.com/apis/friendconnect/getting_started.html

Which you can use either as cut-and-paste javascript, or deep integration
with your code using the same OpenSocial API's,

Hope that helps,

   -- Chris

On Wed, Sep 9, 2009 at 2:37 PM, Kenny Dunn <gkennyd...@gmail.com> wrote:

>
> I need to be able to securely identify the user on the back end,
> preferably with their email address. Does anyone have any example of
> this? I know it seems pretty basic, but I'm just getting started.
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to 
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to