Hi Chris,
Working late? Appreciate the reply... I was just trying to make sure that I'm not missing anything (In terms of implementing OAuth support in a "shindig" way, not my own way) >but the XRDS document, the URL's and how the tokens are generated & tested is >a container affair. OK, are there any recommendations... So in case a social app that uses OAuth which was written for MySpace will need to adjust for Orkut/Hi5? I just want to follow some sort of "best practise", I suppose. >I happen to know about the PHP one, so I'll address that Thanks that's what I'm using, I should have mentioned The client samples are very useful! Gives me some idea about what other sites are doing B-) -Alex ----- Original Message ----- From: "Chris Chabot" <[email protected]> To: [email protected] Sent: Friday, March 6, 2009 2:59:22 AM GMT -08:00 US/Canada Pacific Subject: Re: Enabling OAuth guide Hey Alex, The reason this might seem lacking in Shindig is because most of the heavy lifting of OAuth has to be done by the containing website, and not by shindig. Shindig does provide some hooks to make this easier, but the XRDS document, the URL's and how the tokens are generated & tested is a container affair. The Java and PHP versions of shindig are a bit different in how they solved it, I happen to know about the PHP one, so I'll address that (Cassie Doll & Paul Lindner are probably the ones to ask for how to do this in the java version). To implement OAuth support for the REST/RPC end points you need to create a OAuthLookupService (extending shindig's OAuthLookupService class) and tell shindig to use this class by editing the configuration (shindig/php/config/container.php), the example in Partuza (demo open social site written in php) supports both 2 and 3 legged OAuth tokens: http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthLookupService.php Then you also need to create a custom OAuthDataStore class (extending the oauth library's OAuthDataStore class), in which you do the actual token work, the example from partuza can be found at: http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php If you want to test this with a client script in PHP, it might be worth checking out : http://code.google.com/p/opensocial-php-client/ which supports the full REST&RPC protocols, XRDS and OAuth (2 and 3 legged) and makes testing the REST/RPC endpoints and XRDS & OAuth a lot easier :) Hope that helps! -- Chris
