You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Lini H - Clarion, India" <li...@clariontechnologies.co.in> on 2009/02/17 09:05:34 UTC
OAuth
Hi Chris,
Wanted to know some details about the following:
What is the purpose of OAuth in shindig and how is it implemented.
How are the OAuth keys to be generated for shindig?
Regards,
Lini Haridas
Software Engineer
Clarion Technologies
SEI CMMI Level 3 Company
4th Floor, Great Eastern Plaza,
Airport Road,
Pune- 411 006,
Maharashtra, India.
www.clariontechnologies.co.in
Email: lini.haridas@clariontechnologies.co.in
Mobile: +91 9823435917
Re: OAuth
Posted by Chris Chabot <ch...@google.com>.
If you set allow_anonymous_token => true, clients have full read access to
any information.
However if you want to allow write access too for creating messages,
activities, app data, or simply don't want to open up your data to everyone
without having an ACL in place, then supporting OAuth is required.
-- Chris
On Tue, Feb 17, 2009 at 12:54 PM, Lini H - Clarion, India <
lini.haridas@clariontechnologies.co.in> wrote:
> Hi Chris,
>
> Thnx for the reply. One more thing..Does the OAuth has anything to do with
> the container classes i.e. the REST/RPC interface if the parameter
> "allow_anonymous_token" has been set to true in the config file?
>
> Regards,
> Lini Haridas
> Software Engineer
>
> Clarion Technologies
> SEI CMMI Level 3 Company
>
> 4th Floor, Great Eastern Plaza,
> Airport Road,
> Pune- 411 006,
> Maharashtra, India.
> www.clariontechnologies.co.in
>
> Email: lini.haridas@clariontechnologies.co.in
> Mobile: +91 9823435917
>
> ----- Original Message -----
> From: "Chris Chabot" <ch...@google.com>
> To: <sh...@incubator.apache.org>
> Sent: Tuesday, February 17, 2009 4:40 PM
> Subject: Re: OAuth
>
>
> > There's a number of places where OAuth is/can be used, so the answer
> depends
> > on which usage your referring too :)
> >
> > 1) OAuth for the REST/RPC interface: There are OAuth interfaces in
> shindig
> > which you can fill in, the actual consumer/access token&secret generator
> and
> > validation is done by the container and not by shindig; Partuza has an
> > example that supports both 2 and 3 legged OAuth:
> >
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthLookupService.phpand
> >
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php(the<http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php%28the>
> > actual 2 legged and 3 legged oauth tokens and secrets are generated by
> > partuza, you can find them in your edit profile -> oauth tab for the 3
> > legged version, and edit applications for the 2 legged kind)
> >
> > 2) Signed requests, you create the keys by following the instructions
> from
> > shindig/php/certs/README
> >
> > 3) OAuth in gadgets (aka the OAuth proxy), where shindig proxies OAuth
> > requests from a gadget to a 3rd party REST/OAuth service, see
> > http://code.google.com/apis/gadgets/docs/oauth.html for the basic
> > documentation and the keys should be stored in shindig/config/oauth.json
> >
> > Hope that helps to get you started!
> >
> > -- Chris
> >
> > On Tue, Feb 17, 2009 at 9:05 AM, Lini H - Clarion, India <
> > lini.haridas@clariontechnologies.co.in> wrote:
> >
> >> Hi Chris,
> >>
> >> Wanted to know some details about the following:
> >>
> >> What is the purpose of OAuth in shindig and how is it implemented.
> >> How are the OAuth keys to be generated for shindig?
> >>
> >> Regards,
> >> Lini Haridas
> >> Software Engineer
> >>
> >> Clarion Technologies
> >> SEI CMMI Level 3 Company
> >>
> >> 4th Floor, Great Eastern Plaza,
> >> Airport Road,
> >> Pune- 411 006,
> >> Maharashtra, India.
> >> www.clariontechnologies.co.in
> >>
> >> Email: lini.haridas@clariontechnologies.co.in
> >> Mobile: +91 9823435917
> >>
> >>
> >>
> >
>
Re: OAuth
Posted by "Lini H - Clarion, India" <li...@clariontechnologies.co.in>.
Hi Chris,
Thnx for the reply. One more thing..Does the OAuth has anything to do with the container classes i.e. the REST/RPC interface if the parameter "allow_anonymous_token" has been set to true in the config file?
Regards,
Lini Haridas
Software Engineer
Clarion Technologies
SEI CMMI Level 3 Company
4th Floor, Great Eastern Plaza,
Airport Road,
Pune- 411 006,
Maharashtra, India.
www.clariontechnologies.co.in
Email: lini.haridas@clariontechnologies.co.in
Mobile: +91 9823435917
----- Original Message -----
From: "Chris Chabot" <ch...@google.com>
To: <sh...@incubator.apache.org>
Sent: Tuesday, February 17, 2009 4:40 PM
Subject: Re: OAuth
> There's a number of places where OAuth is/can be used, so the answer depends
> on which usage your referring too :)
>
> 1) OAuth for the REST/RPC interface: There are OAuth interfaces in shindig
> which you can fill in, the actual consumer/access token&secret generator and
> validation is done by the container and not by shindig; Partuza has an
> example that supports both 2 and 3 legged OAuth:
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthLookupService.phpand
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php(the
> actual 2 legged and 3 legged oauth tokens and secrets are generated by
> partuza, you can find them in your edit profile -> oauth tab for the 3
> legged version, and edit applications for the 2 legged kind)
>
> 2) Signed requests, you create the keys by following the instructions from
> shindig/php/certs/README
>
> 3) OAuth in gadgets (aka the OAuth proxy), where shindig proxies OAuth
> requests from a gadget to a 3rd party REST/OAuth service, see
> http://code.google.com/apis/gadgets/docs/oauth.html for the basic
> documentation and the keys should be stored in shindig/config/oauth.json
>
> Hope that helps to get you started!
>
> -- Chris
>
> On Tue, Feb 17, 2009 at 9:05 AM, Lini H - Clarion, India <
> lini.haridas@clariontechnologies.co.in> wrote:
>
>> Hi Chris,
>>
>> Wanted to know some details about the following:
>>
>> What is the purpose of OAuth in shindig and how is it implemented.
>> How are the OAuth keys to be generated for shindig?
>>
>> Regards,
>> Lini Haridas
>> Software Engineer
>>
>> Clarion Technologies
>> SEI CMMI Level 3 Company
>>
>> 4th Floor, Great Eastern Plaza,
>> Airport Road,
>> Pune- 411 006,
>> Maharashtra, India.
>> www.clariontechnologies.co.in
>>
>> Email: lini.haridas@clariontechnologies.co.in
>> Mobile: +91 9823435917
>>
>>
>>
>
Re: OAuth
Posted by Chris Chabot <ch...@google.com>.
There's a number of places where OAuth is/can be used, so the answer depends
on which usage your referring too :)
1) OAuth for the REST/RPC interface: There are OAuth interfaces in shindig
which you can fill in, the actual consumer/access token&secret generator and
validation is done by the container and not by shindig; Partuza has an
example that supports both 2 and 3 legged OAuth:
http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthLookupService.phpand
http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php(the
actual 2 legged and 3 legged oauth tokens and secrets are generated by
partuza, you can find them in your edit profile -> oauth tab for the 3
legged version, and edit applications for the 2 legged kind)
2) Signed requests, you create the keys by following the instructions from
shindig/php/certs/README
3) OAuth in gadgets (aka the OAuth proxy), where shindig proxies OAuth
requests from a gadget to a 3rd party REST/OAuth service, see
http://code.google.com/apis/gadgets/docs/oauth.html for the basic
documentation and the keys should be stored in shindig/config/oauth.json
Hope that helps to get you started!
-- Chris
On Tue, Feb 17, 2009 at 9:05 AM, Lini H - Clarion, India <
lini.haridas@clariontechnologies.co.in> wrote:
> Hi Chris,
>
> Wanted to know some details about the following:
>
> What is the purpose of OAuth in shindig and how is it implemented.
> How are the OAuth keys to be generated for shindig?
>
> Regards,
> Lini Haridas
> Software Engineer
>
> Clarion Technologies
> SEI CMMI Level 3 Company
>
> 4th Floor, Great Eastern Plaza,
> Airport Road,
> Pune- 411 006,
> Maharashtra, India.
> www.clariontechnologies.co.in
>
> Email: lini.haridas@clariontechnologies.co.in
> Mobile: +91 9823435917
>
>
>