Thank you. Your answer is really helpful. I just misinterpreted how OAuth works. I thought a gadget needs to log in via OAuth to access a protected resource. It's not true.
So the 3rd app server talks to my site's data via OAuth. Do I understand it right?

On Sep 23, 9:15 pm, Chris Chabot <chab...@google.com> wrote:
> Hey Ruiyu,
>
> Shindig doesn't require OAuth for gadget rendering and gadget's social
> requests, instead it uses a security token which is parsed on the iframe
> (?st=<your encrypted security token>), if you don't mind reading PHP too much
> Partuza is a sample project that demonstrates how to create the correct
> IFrame URLs for gadget rendering, and how to implement the social
> functions; While it is in PHP the Java version of shindig works exactly the
> same so the knowledge is reusable between languages.
>
> Because all the required data (owner, viewer, container, app id, mod id,
> etc) is parsed through this security token there's no need for OAuth in that
> flow, and the user never has a double login (did you look at any of the
> opensocial supporting sites like myspace, netlog, hi5, linkedin etc? You
> must have noticed that there are no double logins right? :)
>
> OAuth does come into the picture if you want to enable server to server type
> calls, the way you would integrate it with your system is by implementing
> the OAuth class and chaining through any authentication to your CAS dealing
> code, really there shouldn't be too much of a difference between a regular DB
> lookup and using a different (CAS, LDAP, etc) type system.
>
> On Wed, Sep 23, 2009 at 5:17 AM, ruiyu <ruiyu...@gmail.com> wrote:
>
> > Hi, everybody!
> >
> > I would like to deploy Shindig and add some gadgets to my own BBS. But
> > now I have run into a problem.
> >
> > My BBS is implemented with CAS authorization, and I can't change it
> > for some reason.
> >
> > But now I want to give gadget developers the capability to access
> > my BBS's protected data, such as profiles and other user info. So I
> > have to implement an OAuth mechanism.
> >
> > So do I have to combine CAS and OAuth in my BBS?
> >
> > -----------------------------
> >
> > Another question.
> >
> > In CAS, the browser accesses my BBS private data by CAS ticket, while
> > gadgets fetch data via xx-Tokens through shindig by OAuth.
> > So the user has to log in to the BBS twice?
> > And how to avoid this?
> >
> > I look forward to your answer.
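
The iframe security-token flow described in the quoted reply, sketched as an added example that is not part of the original thread and is not Shindig's or Partuza's code. It assumes a container that mints the token after its existing login (CAS here) has succeeded; the claim names, key, lifetime and host names are hypothetical, and the token is HMAC-signed rather than encrypted so that the sketch runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

CONTAINER_KEY = b"constructed-demo-key"  # assumption: secret known only to the container
MAX_AGE = 3600                           # assumption: token lifetime in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(body: str) -> str:
    return _b64(hmac.new(CONTAINER_KEY, body.encode(), hashlib.sha256).digest())

def mint_token(owner, viewer, app_id, mod_id, container, now=None):
    """Container side: run once the user is already authenticated (e.g. by CAS)."""
    issued = int(time.time() if now is None else now)
    claims = {"o": owner, "v": viewer, "a": app_id, "m": mod_id,
              "c": container, "t": issued}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _mac(body)

def iframe_url(render_base, gadget_url, token):
    """Build the gadget iframe src carrying the token in the st parameter."""
    return render_base + "?" + urlencode({"url": gadget_url, "st": token})

def verify_token(token, now=None):
    """Social-API side: return the claims, or None if forged, malformed or expired."""
    try:
        body, mac = token.split(".")
        # Check the MAC before parsing anything the client could have altered.
        if not hmac.compare_digest(mac, _mac(body)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    age = (time.time() if now is None else now) - claims["t"]
    return claims if 0 <= age <= MAX_AGE else None

if __name__ == "__main__":
    st = mint_token("alice", "bob", "app42", 1, "bbs")  # constructed sample values
    print(iframe_url("https://shindig.example/gadgets/ifr",
                     "https://apps.example/gadget.xml", st))
    print(verify_token(st))
```

Because the viewer and owner come from the verified token and not from request parameters, a gadget cannot claim to act for a different user, and no second login is involved.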