shindig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ram Sharma" <ramsharma...@gmail.com>
Subject Re: Restful API -- identify which application using calling the API?
Date Mon, 01 Sep 2008 05:05:21 GMT
Hi Weijie,

I think, the open social site from which you are planning to fetch data,
should support the auth calls that means that site has to be OAuth Service
Provider and It that site is OAuth SP than it should also provide some
documentation about its oauth services.

If all of the above are in place than you can easily make oauth gadget to
call the data from that site.


Please Note: The site on which you are going to post gadget should also
support auth calls from gadgets.

Chris, Please put your feedbacks too :)

On Sun, Aug 31, 2008 at 7:45 PM, Weijie Qu <quweijie@gmail.com> wrote:

> Hi Chris & Ram,
>
> If don't not use direct url call such as
> http://localhost:8012/social/rest/people/10050/@self, is there any other
> Restful way which is supported by OAuth?
>
> I want to post a gadget  on an opensocial enabled site to fetch data from
> another opensocial enabled site, both using shindig. Any suggestions on how
> to achieve this?
>
> 2008/8/28 Chris Chabot <chabotc@xs4all.nl>
>
> > On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote:
> >
> >  Restful API are not fully implemented for direct url call as that will
> >> need
> >> OAuth support. In that case OAuth token will be passed to identify
> >> application's authenticity. Right now no authentication is done in
> direct
> >> url calls like :
> >> http://localhost:8012/social/rest/people/10050/@self
> >> Which are known as anonyms calls and allowed till the OAuth support is
> >> implemented. but when you run any container for example sample container
> >> it sends the
> >> security token to the server.
> >>
> >> Chris please correct me if I am wrong.
> >>
> >
> > Your absolutely 100% correct.
> >
> > What i did to test some of the RESTful calls as non anonymous owner, is
> set
> > allow_plaintext_token to true and construct my own owner:viewer:etc type
> > token, or taking a valid encrypted security token from an iframe
> (st=<lots
> > of text>), that way you can debug and play with all the functionality
> > without having to wait for oauth to be completed.
> >
> >        -- Chris
> >
>



-- 
Ram Sharma
Software Engineer
Impetus Infotech (India) Pvt Ltd
Indore

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message