shindig-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davies,Douglas" <davi...@oclc.org>
Subject Re: Validate user in gadget
Date Tue, 31 Mar 2015 17:25:09 GMT
You need to sign the requests and verify it on the server-side.  Perhaps these links will help.

https://opensocial.atlassian.net/wiki/display/OSREF/Introduction+To+Signed+Requests

https://opensocial.atlassian.net/wiki/display/OSREF/Validating+Signed+Requests

https://code.google.com/p/opensocial-oauth-filter/wiki/GettingStarted_en

I’m not sure if this works with sockJS however, since that’s probably not proxied through
shindig.  In that case I think your going to have to figure out how to pass some sort of signed
credentials.  But anything you do there is gonna be exposed in the gadget source code I would
think.

doug

On Mar 31, 2015, at 11:22 AM, adrian.hubacsek@stud.uni-due.de wrote:

> Hello,
> 
> i am writing a gadget for an OpenSocial site (www.graasp.eu). Inside my
> gadget i open a connection to a server. To be exact a vert.x event bus
> opens a connection to my Vert.x backend with the help of sockJS.
> 
> Now i somehow want to check, if the user, who opens the connection, is
> succesfully logged in to the opensocial site to permit the connection.
> 
> Any idea how i can do that? Can i access the oauth token, send it to my
> server and ask the opensocial site, if this token is valid?
> 
> Thanks in advance.
> 



Mime
View raw message