The token is something that is generated by the container (the social network site), and is digested by shindig and it contains the: - owner id - viewer id - app id - module id - gadget url - container name
Javascript has nothing to do with this, except that it passes the binary encrypted blob along from it's iframe url value (the container put it there), to the social back-end calls it makes (aka shindig). The reason it needs to be encrypted is because it provides the security that the owner == the actual owner and the viewer == the actual viewer, without the protection from encryption you could fake your own token and pretend to be anyone... which is bad :) Now the confusion probably comes from the fact that the -static demo container- uses a fake, plain text, demo token .. in the format of "owner:viewer:etc:etc". This is just because it's hard to make proper encrypted tokens in javascript, and because it's kind of nice to be able to edit it in a demo environment ... however this is *not* at all meant for anything like a real site / situation and is only there for demo reasons! So all that plain text token stuff you see in javascript, please just forget you saw that when your thinking about a real implementation :) -- Chris On Tue, Nov 4, 2008 at 10:26 AM, nvgigigan <[EMAIL PROTECTED]> wrote: > > I do implement the all shindig thing in our web site and did test with > a non encoded secure token (everything was working pretty well) > except that I cant found the right way to use an encoded secure token > now. > I'm using the javascript to create a valid container so I guess it's > somewhere inside the javascript? > > I saw in partuza that you're using PHP to generate the container, and > I understand the code, but I didn't understand in JS > > Thanks for your help > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Implementing OpenSocial Containers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-container?hl=en -~----------~----~----~----~------~----~------~--~---
