From: "Davies,Douglas"
To: "users@shindig.apache.org"
Subject: Re: Validate user in gadget
Date: Tue, 31 Mar 2015 17:25:09 +0000

You need to sign the requests
and verify it on the server-side.  Perhaps these links will help.

https://opensocial.atlassian.net/wiki/display/OSREF/Introduction+To+Signed+Requests
https://opensocial.atlassian.net/wiki/display/OSREF/Validating+Signed+Requests
https://code.google.com/p/opensocial-oauth-filter/wiki/GettingStarted_en

I'm not sure if this works with sockJS however, since that's probably not proxied through shindig.  In that case I think you're going to have to figure out how to pass some sort of signed credentials.  But anything you do there is gonna be exposed in the gadget source code I would think.

doug

On Mar 31, 2015, at 11:22 AM, adrian.hubacsek@stud.uni-due.de wrote:

> Hello,
>
> I am writing a gadget for an OpenSocial site (www.graasp.eu). Inside my
> gadget I open a connection to a server. To be exact a vert.x event bus
> opens a connection to my Vert.x backend with the help of sockJS.
>
> Now I somehow want to check, if the user, who opens the connection, is
> successfully logged in to the opensocial site to permit the connection.
>
> Any idea how I can do that? Can I access the oauth token, send it to my
> server and ask the opensocial site, if this token is valid?
>
> Thanks in advance.
>
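An added example, not part of the thread and not Shindig's own code: server-side verification of a container-signed request as suggested in the reply above. It assumes the container signs proxied requests with OAuth 1.0 RSA-SHA1 and includes `opensocial_viewer_id` among the signed parameters; the URL, ids, nonce and throwaway key pair are constructed for illustration.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, which OAuth 1.0 requires (stricter than encodeURIComponent).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & URL & sorted parameters, oauth_signature excluded.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// Returns the signed viewer id, or null if method, timestamp or signature fails.
function verifySignedRequest(method, url, params, containerKeyPem, nowSec, maxSkewSec = 300) {
  if (params.oauth_signature_method !== 'RSA-SHA1' || !params.oauth_signature) return null;
  const ts = Number(params.oauth_timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxSkewSec) return null;
  const ok = crypto.createVerify('sha1') // RSA PKCS#1 v1.5 with SHA-1 = OAuth "RSA-SHA1"
    .update(baseString(method, url, params))
    .verify(containerKeyPem, params.oauth_signature, 'base64');
  return ok ? (params.opensocial_viewer_id || null) : null;
}

// Constructed demo: a throwaway key pair stands in for the container's signing key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const url = 'https://backend.example/session'; // hypothetical backend endpoint
  const params = {
    opensocial_viewer_id: 'user-42', opensocial_app_url: 'https://gadgets.example/g.xml',
    oauth_consumer_key: 'container.example', oauth_signature_method: 'RSA-SHA1',
    oauth_timestamp: '1427822700', oauth_nonce: 'c0ffee01',
  };
  params.oauth_signature = crypto.createSign('sha1')
    .update(baseString('GET', url, params)).sign(privateKey, 'base64');
  const now = 1427822760;
  return {
    genuine: verifySignedRequest('GET', url, params, pem, now),
    tampered: verifySignedRequest('GET', url, { ...params, opensocial_viewer_id: 'user-999' }, pem, now),
    stale: verifySignedRequest('GET', url, params, pem, now + 3600),
  };
}

console.log(demo());
```

A deployed check would also remember each `oauth_nonce` for the length of the skew window and reject repeats, which this example leaves out.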