Hi folke, It sounds like you're trying to figure out how to tell Shindig who the current user is when gadgets use API's like gadgets.io.makeRequest or opensocial.newDataRequest -- and for that we use the SecurityToken:
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/SecurityToken.java SecurityTokens are typically generated by the container (your application) and then added to the gadget iframe URL as a request parameter (st=container:security-token-here). Shindig can then pick it up to be used at gadget render time for things like server side data pipelining, and then on the client side the gadgets API parses out the token to be used when making calls back to Shindig for things like makeRequest or OpenSocial data calls. Security tokens are typically encrypted and usually short lived since (depending on how they're passed to shindig) they can be easily leaked in HTTP referrers. You can find an example of generating security tokens in OSEC (a Java based OpenSocial container) here: http://code.google.com/p/osec/source/browse/src/org/mitre/portal/security/impl/EncryptedBlobSecurityTokenService.java Or if you're working with PHP you can also have a look at Partuza (a PHP based OpenSocial container). --Jesse >-----Original Message----- >From: Folke Mitzlaff [mailto:[email protected]] >Sent: Monday, March 07, 2011 11:34 AM >To: [email protected] >Subject: Integration with Custom Authentication > >Dear List, > >I plan to integrate Shindig into our web application which uses sessions >and cookies for authentication/authorisation based on the spring >security framework. > >Though I searched and browsed the web, I wasn't able to stumble upon the >intended way of integrating (our) external authentication framework into >Shindig. More precisely: Whenever a gadget requests data, e.g., via rpc, >our container 'knows' who is querying - based on the session/cookie >information. But how should I inject these credentials into Shindig, >e.g. for validating the viewer id? > >Any hint is appreciated. > >Best wishes, > >.folke
