You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Ram Sharma <ra...@gmail.com> on 2008/09/01 07:05:21 UTC
Re: Restful API -- identify which application using calling the API?
Hi Weijie,
I think, the open social site from which you are planning to fetch data,
should support the auth calls that means that site has to be OAuth Service
Provider and It that site is OAuth SP than it should also provide some
documentation about its oauth services.
If all of the above are in place than you can easily make oauth gadget to
call the data from that site.
Please Note: The site on which you are going to post gadget should also
support auth calls from gadgets.
Chris, Please put your feedbacks too :)
On Sun, Aug 31, 2008 at 7:45 PM, Weijie Qu <qu...@gmail.com> wrote:
> Hi Chris & Ram,
>
> If don't not use direct url call such as
> http://localhost:8012/social/rest/people/10050/@self, is there any other
> Restful way which is supported by OAuth?
>
> I want to post a gadget on an opensocial enabled site to fetch data from
> another opensocial enabled site, both using shindig. Any suggestions on how
> to achieve this?
>
> 2008/8/28 Chris Chabot <ch...@xs4all.nl>
>
> > On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote:
> >
> > Restful API are not fully implemented for direct url call as that will
> >> need
> >> OAuth support. In that case OAuth token will be passed to identify
> >> application's authenticity. Right now no authentication is done in
> direct
> >> url calls like :
> >> http://localhost:8012/social/rest/people/10050/@self
> >> Which are known as anonyms calls and allowed till the OAuth support is
> >> implemented. but when you run any container for example sample container
> >> it sends the
> >> security token to the server.
> >>
> >> Chris please correct me if I am wrong.
> >>
> >
> > Your absolutely 100% correct.
> >
> > What i did to test some of the RESTful calls as non anonymous owner, is
> set
> > allow_plaintext_token to true and construct my own owner:viewer:etc type
> > token, or taking a valid encrypted security token from an iframe
> (st=<lots
> > of text>), that way you can debug and play with all the functionality
> > without having to wait for oauth to be completed.
> >
> > -- Chris
> >
>
--
Ram Sharma
Software Engineer
Impetus Infotech (India) Pvt Ltd
Indore
Re: Restful API -- identify which application using calling the API?
Posted by Ram Sharma <ra...@gmail.com>.
Hi Weijie,
umm... I am just a contributor on shindig php so don't know about the plans
in detail :) I think Chris has created an issue for implementing the same
and probably he is working on that also. Hope that will be completed soon.
Chris would you like to say something?
On Mon, Sep 1, 2008 at 2:10 PM, Weijie Qu <qu...@gmail.com> wrote:
> Thanks for your quick response!
>
> If my site is providing the data and data API is exposed as RESTful
> interfaces(I am using php shindig). Just you mentioned above, the GET
> method
> of RESTful interfaces is anonymous access now. So would you pls kindly let
> me know what's the plan of OAuth for Restful API in shindig? Thanks!
>
> 2008/9/1 Ram Sharma <ra...@gmail.com>
>
> > Hi Weijie,
> >
> > I think, the open social site from which you are planning to fetch data,
> > should support the auth calls that means that site has to be OAuth
> Service
> > Provider and It that site is OAuth SP than it should also provide some
> > documentation about its oauth services.
> >
> > If all of the above are in place than you can easily make oauth gadget to
> > call the data from that site.
> >
> >
> > Please Note: The site on which you are going to post gadget should also
> > support auth calls from gadgets.
> >
> > Chris, Please put your feedbacks too :)
> >
> > On Sun, Aug 31, 2008 at 7:45 PM, Weijie Qu <qu...@gmail.com> wrote:
> >
> > > Hi Chris & Ram,
> > >
> > > If don't not use direct url call such as
> > > http://localhost:8012/social/rest/people/10050/@self, is there any
> other
> > > Restful way which is supported by OAuth?
> > >
> > > I want to post a gadget on an opensocial enabled site to fetch data
> from
> > > another opensocial enabled site, both using shindig. Any suggestions on
> > how
> > > to achieve this?
> > >
> > > 2008/8/28 Chris Chabot <ch...@xs4all.nl>
> > >
> > > > On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote:
> > > >
> > > > Restful API are not fully implemented for direct url call as that
> will
> > > >> need
> > > >> OAuth support. In that case OAuth token will be passed to identify
> > > >> application's authenticity. Right now no authentication is done in
> > > direct
> > > >> url calls like :
> > > >> http://localhost:8012/social/rest/people/10050/@self
> > > >> Which are known as anonyms calls and allowed till the OAuth support
> is
> > > >> implemented. but when you run any container for example sample
> > container
> > > >> it sends the
> > > >> security token to the server.
> > > >>
> > > >> Chris please correct me if I am wrong.
> > > >>
> > > >
> > > > Your absolutely 100% correct.
> > > >
> > > > What i did to test some of the RESTful calls as non anonymous owner,
> is
> > > set
> > > > allow_plaintext_token to true and construct my own owner:viewer:etc
> > type
> > > > token, or taking a valid encrypted security token from an iframe
> > > (st=<lots
> > > > of text>), that way you can debug and play with all the functionality
> > > > without having to wait for oauth to be completed.
> > > >
> > > > -- Chris
> > > >
> > >
> >
> >
> >
> > --
> > Ram Sharma
> > Software Engineer
> > Impetus Infotech (India) Pvt Ltd
> > Indore
> >
>
--
Ram Sharma
Software Engineer
Impetus Infotech (India) Pvt Ltd
Indore
Re: Restful API -- identify which application using calling the API?
Posted by Weijie Qu <qu...@gmail.com>.
Thanks for your quick response!
If my site is providing the data and data API is exposed as RESTful
interfaces(I am using php shindig). Just you mentioned above, the GET method
of RESTful interfaces is anonymous access now. So would you pls kindly let
me know what's the plan of OAuth for Restful API in shindig? Thanks!
2008/9/1 Ram Sharma <ra...@gmail.com>
> Hi Weijie,
>
> I think, the open social site from which you are planning to fetch data,
> should support the auth calls that means that site has to be OAuth Service
> Provider and It that site is OAuth SP than it should also provide some
> documentation about its oauth services.
>
> If all of the above are in place than you can easily make oauth gadget to
> call the data from that site.
>
>
> Please Note: The site on which you are going to post gadget should also
> support auth calls from gadgets.
>
> Chris, Please put your feedbacks too :)
>
> On Sun, Aug 31, 2008 at 7:45 PM, Weijie Qu <qu...@gmail.com> wrote:
>
> > Hi Chris & Ram,
> >
> > If don't not use direct url call such as
> > http://localhost:8012/social/rest/people/10050/@self, is there any other
> > Restful way which is supported by OAuth?
> >
> > I want to post a gadget on an opensocial enabled site to fetch data from
> > another opensocial enabled site, both using shindig. Any suggestions on
> how
> > to achieve this?
> >
> > 2008/8/28 Chris Chabot <ch...@xs4all.nl>
> >
> > > On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote:
> > >
> > > Restful API are not fully implemented for direct url call as that will
> > >> need
> > >> OAuth support. In that case OAuth token will be passed to identify
> > >> application's authenticity. Right now no authentication is done in
> > direct
> > >> url calls like :
> > >> http://localhost:8012/social/rest/people/10050/@self
> > >> Which are known as anonyms calls and allowed till the OAuth support is
> > >> implemented. but when you run any container for example sample
> container
> > >> it sends the
> > >> security token to the server.
> > >>
> > >> Chris please correct me if I am wrong.
> > >>
> > >
> > > Your absolutely 100% correct.
> > >
> > > What i did to test some of the RESTful calls as non anonymous owner, is
> > set
> > > allow_plaintext_token to true and construct my own owner:viewer:etc
> type
> > > token, or taking a valid encrypted security token from an iframe
> > (st=<lots
> > > of text>), that way you can debug and play with all the functionality
> > > without having to wait for oauth to be completed.
> > >
> > > -- Chris
> > >
> >
>
>
>
> --
> Ram Sharma
> Software Engineer
> Impetus Infotech (India) Pvt Ltd
> Indore
>