Hi, you could take a look at Partuza for how to port the Shindig implementation to your website. You'll need to write your own OAuthAuthenticationService (or something similar) on the server hosting your webapplication. Then this service will be able to access the sessions and cookies to construct and verify the tokens you send in the header of your calls. Currently I'm also busy on implementing this for my own web app... If you'd find some other methods, let me know!!
On Mon, Mar 7, 2011 at 5:33 PM, Folke Mitzlaff <[email protected]>wrote: > Dear List, > > I plan to integrate Shindig into our web application which uses sessions > and cookies for authentication/authorisation based on the spring security > framework. > > Though I searched and browsed the web, I wasn't able to stumble upon the > intended way of integrating (our) external authentication framework into > Shindig. More precisely: Whenever a gadget requests data, e.g., via rpc, our > container 'knows' who is querying - based on the session/cookie information. > But how should I inject these credentials into Shindig, e.g. for validating > the viewer id? > > Any hint is appreciated. > > Best wishes, > > .folke >
