Hi Nuwan, I believe it is possible for a container to negotiate consumer keys and secrets on behalf of gadgets automatically, but it's not something we've looked into implementing in our container yet. We've only got basic OAuth support working so far, which involved writing our own database backed OAuthStore implementation and providing UI in our container for gadgets developers to specify their consumer keys and secrets when adding gadgets to the repository.
I did happen to notice the following relevant note in the class comments for the OAuthStore interface talking about what data an OAuthStore implementation needs to persist: "information about consumer keys and secrets that gadgets might have negotiated with OAuth service providers, or that containers might have negotiated on behalf of the gadgets" It sounds like the iGoogle container has in fact implemented auto negotiation of consumer keys and secrets for gadgets already. Maybe some of the folks who work on iGoogle could comment further about how to go about implementing such a feature -- although I suspect the answer may already be spelled out in the OAuth documentation (I haven't gone looking for it yet). --Jesse -----Original Message----- From: Nuwan Bandara [mailto:[email protected]] Sent: Thursday, February 18, 2010 11:43 AM To: [email protected] Subject: Re: Clarification on OAuth Gadgets Hi jesse, Thanks for your suggestion. but am curious, hence iGoogle does not need any token from the gadget developer to use OAuth gadgets. Which means the gadget developer can add the *http://foo.com/bar.xml *without any consumer keys or tokens giving to igoogle container. how is this possible? Thanks & Regards /Nuwan On Thu, Feb 18, 2010 at 7:26 PM, Ciancetta, Jesse E. <[email protected]>wrote: > Hi Nuwan, > > The OAuthStore implementation that ships with Shindig > (org.apache.shindig.gadgets.oauth.BasicOAuthStore) uses a JSON based > configuration file for storing consumer keys and secrets and an in memory > map for storing access tokens (which get wiped out every time you restart > the servlet container). > > To use Shindig OAuth support in a production environment you'll need to > provide your own implementation of the > org.apache.shindig.gadgets.oauth.OAuthStore interface -- the BasicOAuthStore > serves as a good reference for exactly what your implementation will need to > do. > > You'll also need to provide a mechanism for your gadget developers to > register consumer keys and secrets for their gadgets. > > --Jesse > > -----Original Message----- > From: Nuwan Bandara [mailto:[email protected]] > Sent: Thursday, February 18, 2010 1:58 AM > To: [email protected] > Subject: Clarification on OAuth Gadgets > > Hi, > > I am in the process of testing OAuth Gadgets in shindig. I managed to get > the sample OAuth gadget (google contacts gadget [1]) working in shindig. > how > ever if I want to add a gadget which is hosted at > *http://foo.com/bar.xml* It seems I need to get a consumer key from google > (thinking that the same contact gadget hosted in foo.com) and add that to > the *conf/oauth.json*. > > This is not practical if the shindig is hosted and open for users to host > gadgets in it. hence users cannot edit the* oauth.json* file to add the > keys > and gadget urls. is there a solution for this situation ? > > > [1] http://dirk.balfanz.googlepages.com/contacts.xml< > http://www.google.com/url?sa=D&q=http://dirk.balfanz.googlepages.com/contacts.xml&usg=AFQjCNGPvRi7sauro2w3OLkx9MXknHQy4A > > > > Thanks & Regards > -- > /Nuwan > -- Nuwan Bandara - www.nuwanbando.com - Stranger Than Fiction [ http://www.linkedin.com/in/nuwanbandara ] [ http://www.twitter.com/nuwanbando ]
