Hi,
I've been using shindig for the last week to implement Opensocial RESTful
API's. That
was mostly a breeze due to nice provided samples - I got most of what I needed
done
within 3-4 days... so thank you all who worked on the project, this allowed me
to build
OpenSocial compliant WS without much effort!
Not to rain on the parade, but the OAuth part of shindig could use a little
more documentation.
(Or maybe I could not find the right documentation). I'm very familiar with the
OAuth conceipt
and understand how it works, but I'm having some trouble figuring out some of
the protocol
basics - basically I want to be able to write a simple php script which will :
fetch a request token
(let's assume that the consumer key/secret is already assigned and available
via the OAuth Data
store) then exchange the request token for an access token, and make a signed
request with
the token. So here's some questions
1. How does the consumer fetch the request token - what is the URL within the
shindig server
that needs to be called and with what arguments? Same question for exchanging
the request token
for access token.
2. What is the most popular signature method? Can I assume
OAuthSignatureMethod_HMAC_SHA1
would be enough or would I need to implement the OAuthSignatureMethod_RSA_SHA1
as well..
3. Is there a step by step guide anywhere which describes the steps needed to
enable the OAuth on
shindig? (I did read through the Partuza implementation, have some idea about
PartuzaOAuthLookupService)
4. Is there a spec on how the consumer should sign requests? What about post
data, is that considered
in the signature too...
I appologize in advance if these questions were asked before - I started
reading the archives but there's
just too much unrelated things - I think it would be good to have a mailing
list just for the OAuth related
questions
Thanks!
-Alex
