You need to sign the requests and verify them on the server-side. Perhaps these links will help.

https://opensocial.atlassian.net/wiki/display/OSREF/Introduction+To+Signed+Requests
https://opensocial.atlassian.net/wiki/display/OSREF/Validating+Signed+Requests
https://code.google.com/p/opensocial-oauth-filter/wiki/GettingStarted_en

I'm not sure if this works with sockJS however, since that's probably not proxied through shindig. In that case I think you're going to have to figure out how to pass some sort of signed credentials. But anything you do there is gonna be exposed in the gadget source code I would think.

doug

On Mar 31, 2015, at 11:22 AM, [email protected] wrote:

> Hello,
>
> I am writing a gadget for an OpenSocial site (www.graasp.eu). Inside my
> gadget I open a connection to a server. To be exact, a vert.x event bus
> opens a connection to my Vert.x backend with the help of sockJS.
>
> Now I somehow want to check if the user who opens the connection is
> successfully logged in to the opensocial site to permit the connection.
>
> Any idea how I can do that? Can I access the oauth token, send it to my
> server and ask the opensocial site if this token is valid?
>
> Thanks in advance.
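
A server-side check of the kind suggested in the reply above, as an added example that is not part of the original thread or of the OpenSocial code: it verifies an OAuth 1.0 HMAC-SHA1 signature over the request parameters and rejects stale or replayed requests before trusting `opensocial_viewer_id`. Assumptions: the container signs with HMAC-SHA1 and a shared consumer secret (a container signing with RSA-SHA1 would be checked against its public key instead), and the secret, endpoint URL and parameter values are constructed samples.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding as required by OAuth 1.0 (RFC 5849, section 3.6).
function enc(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & url & sorted parameters (oauth_signature excluded).
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(p => p.join('=')).join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// HMAC-SHA1 with an empty token secret (two-legged request), so the key ends in '&'.
function sign(method, url, params, consumerSecret) {
  return crypto.createHmac('sha1', enc(consumerSecret) + '&')
    .update(baseString(method, url, params)).digest('base64');
}

const seenNonces = new Set(); // in-memory replay cache, for the example only

// Returns the viewer id vouched for by the container, or null if the request is rejected.
function verifySignedRequest(method, url, params, consumerSecret, nowSec, maxSkewSec = 300) {
  if (params.oauth_signature_method !== 'HMAC-SHA1') return null;
  const ts = Number(params.oauth_timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxSkewSec) return null;
  const expected = Buffer.from(sign(method, url, params, consumerSecret));
  const given = Buffer.from(String(params.oauth_signature || ''));
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) return null;
  const nonceKey = params.oauth_consumer_key + ':' + ts + ':' + params.oauth_nonce;
  if (seenNonces.has(nonceKey)) return null; // replayed request
  seenNonces.add(nonceKey);
  return params.opensocial_viewer_id || null;
}

// Constructed sample request, signed here in place of the container.
const SECRET = 'example-shared-secret';
const ENDPOINT = 'https://backend.example/session';
const sample = { opensocial_viewer_id: 'viewer-123', opensocial_app_id: 'app-1',
  oauth_consumer_key: 'container.example', oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1427800000', oauth_nonce: 'n-1' };
sample.oauth_signature = sign('GET', ENDPOINT, sample, SECRET);
```

The signature only proves the container issued the request; the shared secret has to stay on the container and the backend, never in the gadget source.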
