[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
Exactly how you register on each 3 legged OAuth supporting container kind of varies per container, however with 3 legged OAuth you are *not* limited to whom ever installed your app, instead you make the requests on a per-user-context bases (ie: their access key/secret combo). Why containers want you to register is so that they can have an internal administration of this consumer key and secret belongs to this developer, and if a developer starts doing things that are not allowed (spamming, phishing attempts, etc), they can disable the consumer token/key associated with that developer, and thus block him. So that doesn't have anything to do with being tied to a social gadget, it's just a registration thing. Ps, the containers that currently support 3 legged oauth are: MySpace Netlog Hi5 (though they sometimes bug out on the redirection fase) Plaxo (currently only supports the PortableContacts ie /people interface, though that's likely to be expanded later this year) oh and twitter does too btw (as non opensocial container, they have their own API) Support on Orkut and many other containers is in the works, so expect this list to expand a good bit as the year progresses. -- Chris On Thu, Jun 4, 2009 at 7:31 AM, raji narniraj...@gmail.com wrote: Thank you. I am going for the 3-legged oauth. I found out that MySpace supports it. But even there I need to have a consumer key and consumer secret. Does this mean that I can create any sample app on MySpace and get consumer key secret and use them to access any user public profiles? Or Am I again restricted to those set of users who are suing this sample App? Thanks, Rajesh. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
I have used 3-legged JSP sample given in the opensocial java client to access my MySpace Account. I was able to run the 'request_token.jsp' and i am redirected to the MySpace authorization page. I gave my credentials. Now instead of redirecting to 'callback_url', that i specified in the JSP, it is going to my profile page on MySpace. This is the authorization URL: http://api.myspace.com/authorize?oauth_token=vuVLYVXhzXgBr9g2apWmvZXF7Ledhvzrpx6+Gia4E7Ig5tc3OjIZf75HJcbBZSRtK0vBQTAB5hXVCJ1QkP4sPg==oauth_callback=http://ec2-174-129-135-28.compute-1.amazonaws.com:8080/oauth/threelegged/access_token.jsp Please help me... Thanks, Rajesh. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
OpenSocial doesn't provide any functionality for dealing with username / password authentication, because, well, it's what we would call an anti-pattern, something you shouldn't do. Giving out your super secret login credentials to random sites on the net is a great way to make sure that you have no privacy, your account will be used for spamming and everything you have of worth in your email will be stolen.. what's more, often those same credentials also give access to online web stores like amazon, and financial systems like paypal. In other words, it's a really, really, really bad idea to give out your login name password to a site! That's why OpenSocial instead uses OAuth, it has all the benefits (being able to access resources like friend lists and profile information, that require authentication), and none of the downsides. If you would like to use username/password authentication, well as mentioned, that's something you shouldn't want, but that's often done by screen scraping: http://en.wikipedia.org/wiki/Screen_scraping (ie: doing the posts and fetches your self and parsing the web pages in your code) for the sites that don't have API's for it (and the smart ones have API's that use OAuth instead of username/passwords). -- Chris On Wed, Jun 3, 2009 at 7:18 AM, raji narniraj...@gmail.com wrote: Hi, I am new to opensocial. My requirement is to get the list of friends/contacts of a user given his 'user-id' and 'password'. (similar to getting contacts of gmail, yahoo account). I need to do this from with in a java program. I tried with the opensocial java client and was able to fetch friends from my orkut account. I was able to do this only after registering my orkut account with 'OpenSocial Dev App'. I got the consumer secret and consumer key from orkut sandbox. But it is failing when I am trying to fetch contacts of other users. I think this is because, I am using my consumer key and my consumer secret, instead of the other user. Am I right? Is there any way that I can get the friends/contacts with a similar approach as 'Google Contacts API' by supplying the user's id and password (and get a security token)? I have observed that 'power.com' is pulling in friends from various social containers, by simply taking user-id and password. Are they using Opensocial or individual APIs for each social network? Thanks, Rajesh. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
Yes, I agree with you. But with the 2-legged OAuth approach, it seems like we can access details of a user who has registered with my gadget. But I dont have any gadget running in any social network. Still I would just like to get the contacts of any given user. How can I do that? Should I follow the 3-legged OAuth approach? I have a doubt regarding 3-legged approach. Here does the user have to submit his credentials (to the actual social network) each time he wants to access the data? OR is it a one time setting saved some where in the user's social network account? Thanks, Rajesh --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
Hey Rajesh, 3 legged OAuth is indeed the right solution here; And no once the user goes through the OAuth flow once (ie get redirected to the social site where he has to click 'Grant FOO.COM access to my data'), you get a long lived token that you can keep using indefinitely, or until it is revoked which in practice hardly ever happens. (So once the flow is complete, you store the oauth token for that session in your database for that user) The added benefit of using 3 legged oauth is that it has a user associated with the session, so right after the the authentication you can do a REST call to /rest/people/@me/@self to fetch the profile info of your user, and /rest/people/@me/@friends to download his friends list, and you can refresh and use the activities/etc API's this whenever its appropriate in your app using that same long lived oauth token / secret. -- Chris On Wed, Jun 3, 2009 at 12:27 PM, raji narniraj...@gmail.com wrote: Yes, I agree with you. But with the 2-legged OAuth approach, it seems like we can access details of a user who has registered with my gadget. But I dont have any gadget running in any social network. Still I would just like to get the contacts of any given user. How can I do that? Should I follow the 3-legged OAuth approach? I have a doubt regarding 3-legged approach. Here does the user have to submit his credentials (to the actual social network) each time he wants to access the data? OR is it a one time setting saved some where in the user's social network account? Thanks, Rajesh --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
[OpenSocial] Re: How can I pull in friends/contacts of any given user from various opensocial containers?
Thank you. I am going for the 3-legged oauth. I found out that MySpace supports it. But even there I need to have a consumer key and consumer secret. Does this mean that I can create any sample app on MySpace and get consumer key secret and use them to access any user public profiles? Or Am I again restricted to those set of users who are suing this sample App? Thanks, Rajesh. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups OpenSocial Application Development group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~--~~~~--~~--~--~---
