On Jan 29, 2008 5:39 PM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote:
> Presently, I'm at the point where pretty much everything works except for
> the API calls back to the site; I wanted to make sure I was going in the
> right direction with regard to the exchange of the security token.

There is very little server-side container implemented in Shindig at
the moment.  I'm taking a first pass at it.  Feedback on the approach
is welcome:

- user logs in to the container
- container uses the GadgetServer to render the gadget in 'Container'
mode (which doesn't do much at the moment)
- container uses GadgetSigner (which I'm renaming to
GadgetTokenSigner) to create the security token for the gadget
- container creates an iframe that passes in the security token like
this: <iframe src='/gadgets/ifr?url=<gadget>&mid=<module-id>#st=<the security token>'>
- GadgetServer behind /gadgets/ifr works its magic to render the gadget.
- gadgets.io javascript pulls security token out of the URL.
- gadgets.io javascript passes security token as
X-Gadget-Security-Token in XHR requests to the JSON proxy.

Cheers,
Brian
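
The token hand-off in the steps above, as an added example (not part of the original message and not Shindig's gadgets.io code). Function names, the origin and the sample token are hypothetical; it shows that a token placed after `#` is not part of the request to /gadgets/ifr, and that it has to be percent-encoded to come back out of the fragment unchanged.

```javascript
// Added illustration; not Shindig code. All function names are hypothetical.

// Container side: build the iframe src. The token goes after '#', and is
// percent-encoded so characters such as '+', '/', '=' or '&' survive.
function buildIframeSrc(gadgetUrl, moduleId, securityToken) {
  const query = new URLSearchParams({ url: gadgetUrl, mid: String(moduleId) });
  return '/gadgets/ifr?' + query.toString() +
         '#st=' + encodeURIComponent(securityToken);
}

// What the browser sends as the request target for that src: path and query
// only. The fragment stays in the browser, so the server behind /gadgets/ifr
// does not receive the token with the page request.
function requestTarget(src) {
  const u = new URL(src, 'http://container.example'); // constructed origin
  return u.pathname + u.search;
}

// Gadget side: pull the token out of location.hash ('#st=...').
function tokenFromFragment(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const token = params.get('st');
  if (!token) throw new Error('no security token in URL fragment');
  return token;
}

// Gadget side: headers to set on an XHR to the JSON proxy, e.g.
// xhr.setRequestHeader(name, value) for each entry.
function proxyRequestHeaders(hash) {
  return { 'X-Gadget-Security-Token': tokenFromFragment(hash) };
}

// Constructed sample values.
const sampleToken = 'owner:viewer:app+id/42==';
const src = buildIframeSrc('http://example.org/hello.xml', 7, sampleToken);
const hash = src.slice(src.indexOf('#'));
console.log(requestTarget(src));
console.log(proxyRequestHeaders(hash));
```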
