Aaron

As you suggest below, you need some mechanism to convert your API's user
credential into one Shindig can understand. One option available if you have
your own Shindig implementation is to create your own AuthenticationHandler
implementation that recognizes whatever security mechanism your own API uses
and create an implementation of SecurityToken from it. Then your API
endpoint can just forward it along to Shindig.

-Louis

On Fri, Jun 5, 2009 at 12:10 PM, Aaron Hiniker <[email protected]> wrote:

> First off, this is my first post to this list and not sure if this is the
> appropriate place to post this question—if one of the other lists is more
> appropriate, let me know.
>
>
>
> We have an application that exposes an XML API into some of our core
> services that 3rd parties use to build front-end websites and flash apps
> with.
>
>
>
> We are using Shindig to expose social networking features through this XML
> API.  Our initial thoughts are to expose a wrapper to the OpenSocial RESTful
> API, in a manner like:
>
>
>
> <api>
>       .. some other API stuff ..
>
>       <opensocial>
>              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
>                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
>              </restful>
>
>              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
>                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
>              </restful>
>       </opensocial>
> </api>
>
>
>
>
>
> <api>
>       .. some other API stuff ..
>
>       <opensocial>
>              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
>                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
>              </restful>
>
>              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
>                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
>              </restful>
>       </opensocial>
> </api>
>
>
>
>
>
> Our API is already tracking the userId (i.e., the VIEWER in OS terms).  We
> want to take in these XML tags and perform REST calls within the server
> itself, passing in the raw request body, and returning the raw response body
> through this XML API.
>
>
>
> One question:  how do we associate the VIEWER to the RESTful calls in this
> manner?  Does this **have** to happen through an OAuth access token?
>
>
>
> I have been researching OAuth and believe that one solution would be to
> create a single access token that is associated with our XML API calls, and
> when we register users, we automatically create an OAuth access entry for
> the user and our XML API.  Going that route, we can intercept these RESTful
> calls coming in from our XML API, look up the user's token based on the
> API's session, and make a behind-the-scenes local REST call passing this
> looked-up token for each request, and then dump the response back through
> the XML.
>
>
>
> I’m fairly new to OS and OAuth, so I might be overlooking some important
> details in this implementation but would greatly appreciate any help in
> determining the best way to “wrap” OS RESTful calls from our existing XML
> API that currently manages our userbase.
>
>
>
> Thanks,
>
>
>
> Aaron
>
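
An added example, not part of the original thread and not Shindig's own code: one way the forwarding step in the reply above can carry the VIEWER so that the receiving handler trusts only requests the XML API itself produced. The header names, the `ViewerToken` record, the shared key and the 30-second window are assumptions made for illustration; a real handler would implement Shindig's AuthenticationHandler and return its SecurityToken instead of this stand-in.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class ForwardedViewerDemo {
    // Simplified stand-in for the handler's result; NOT Shindig's SecurityToken interface.
    record ViewerToken(String viewerId, long issuedAtMillis) {}
    static final long MAX_AGE_MS = 30_000; // assumed freshness window
    static String sign(byte[] key, String viewerId, long ts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal((viewerId + "\n" + ts).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(tag);
    }

    // XML API side, after it has authenticated the session: attach viewer, timestamp and MAC.
    static Map<String, String> forwardHeaders(byte[] key, String viewerId, long now) throws Exception {
        return Map.of("X-Api-Viewer", viewerId, "X-Api-Timestamp", Long.toString(now),
                      "X-Api-Signature", sign(key, viewerId, now));
    }

    // Handler side: return a token only when the headers verify; null means "not authenticated".
    static ViewerToken tokenFromHeaders(byte[] key, Map<String, String> h, long now) throws Exception {
        String viewer = h.get("X-Api-Viewer"), ts = h.get("X-Api-Timestamp"), sig = h.get("X-Api-Signature");
        if (viewer == null || ts == null || sig == null) return null;
        long issued;
        try { issued = Long.parseLong(ts); } catch (NumberFormatException e) { return null; }
        if (Math.abs(now - issued) > MAX_AGE_MS) return null; // stale request; bounds the replay window
        byte[] expected = sign(key, viewer, issued).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.UTF_8))) return null;
        return new ViewerToken(viewer, issued);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        long now = System.currentTimeMillis();
        Map<String, String> good = forwardHeaders(key, "john.doe", now); // constructed viewer id
        Map<String, String> forged = new HashMap<>(good);
        forged.put("X-Api-Viewer", "jane.doe"); // viewer swapped, signature left unchanged
        if (tokenFromHeaders(key, good, now) == null) throw new AssertionError("valid request rejected");
        if (tokenFromHeaders(key, forged, now) != null) throw new AssertionError("forged viewer accepted");
        if (tokenFromHeaders(key, good, now + 60_000) != null) throw new AssertionError("stale request accepted");
        System.out.println("viewer for valid request: " + tokenFromHeaders(key, good, now).viewerId());
    }
}
```

The viewer id comes from the XML API's own authenticated session and never from anything in the `<restful>` element, so a caller cannot choose the VIEWER by editing the request body.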
