This code seems pretty useless to me. I think the ideal way to get the
viewer / owner / app id would be to do one of the following:
- Pass them unencrypted into iframe params (encourages developers to rely on
them being there or to not use signed / oauth requests, which is bad)
- Retrieve them from the parent page using gadgets.rpc (my preferred
solution)
- Retrieve them from the social data service
On Sun, May 11, 2008 at 4:24 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> Hey folks -
>
> Can someone explain what restfultoken.js is doing in this code?
>
> // Hopefully we can get rid of these with special @viewer and @owner
> tokens
> // in the restful spec.
> RestfulContainer.prototype.parseSecurityToken = function() {
> var parts = this.securityToken_.split(":");
> this.ownerId_ = parts[0];
> this.viewerId_ = parts[1];
> this.appId_ = parts[2];
> };
>
> That isn't going to work in the real world, since the gadget auth
> token is encrypted. I'd like to move the security token handling into
> its own javascript package, but I don't see any way to migrate that
> code.
>
> Cheers,
> Brian
>
