Hi Jesse, Thanks for the comment and the clarification, hope one of the iGoogle folks can add a comment to this thread about the implementation.
Thanks & Regards /Nuwan On Thu, Feb 18, 2010 at 10:42 PM, Ciancetta, Jesse E. <[email protected]>wrote: > Hi Nuwan, > > I believe it is possible for a container to negotiate consumer keys and > secrets on behalf of gadgets automatically, but it's not something we've > looked into implementing in our container yet. We've only got basic OAuth > support working so far, which involved writing our own database backed > OAuthStore implementation and providing UI in our container for gadgets > developers to specify their consumer keys and secrets when adding gadgets to > the repository. > > I did happen to notice the following relevant note in the class comments > for the OAuthStore interface talking about what data an OAuthStore > implementation needs to persist: > > "information about consumer keys and secrets that gadgets might have > negotiated with OAuth service providers, or that containers might have > negotiated on behalf of the gadgets" > > It sounds like the iGoogle container has in fact implemented auto > negotiation of consumer keys and secrets for gadgets already. > > Maybe some of the folks who work on iGoogle could comment further about how > to go about implementing such a feature -- although I suspect the answer may > already be spelled out in the OAuth documentation (I haven't gone looking > for it yet). > > --Jesse > > -----Original Message----- > From: Nuwan Bandara [mailto:[email protected]] > Sent: Thursday, February 18, 2010 11:43 AM > To: [email protected] > Subject: Re: Clarification on OAuth Gadgets > > Hi jesse, > > Thanks for your suggestion. but am curious, hence iGoogle does not need any > token from the gadget developer to use OAuth gadgets. Which means the > gadget > developer can add the *http://foo.com/bar.xml *without any consumer keys > or > tokens giving to igoogle container. how is this possible? > > Thanks & Regards > /Nuwan > > On Thu, Feb 18, 2010 at 7:26 PM, Ciancetta, Jesse E. <[email protected] > >wrote: > > > Hi Nuwan, > > > > The OAuthStore implementation that ships with Shindig > > (org.apache.shindig.gadgets.oauth.BasicOAuthStore) uses a JSON based > > configuration file for storing consumer keys and secrets and an in memory > > map for storing access tokens (which get wiped out every time you restart > > the servlet container). > > > > To use Shindig OAuth support in a production environment you'll need to > > provide your own implementation of the > > org.apache.shindig.gadgets.oauth.OAuthStore interface -- the > BasicOAuthStore > > serves as a good reference for exactly what your implementation will need > to > > do. > > > > You'll also need to provide a mechanism for your gadget developers to > > register consumer keys and secrets for their gadgets. > > > > --Jesse > > > > -----Original Message----- > > From: Nuwan Bandara [mailto:[email protected]] > > Sent: Thursday, February 18, 2010 1:58 AM > > To: [email protected] > > Subject: Clarification on OAuth Gadgets > > > > Hi, > > > > I am in the process of testing OAuth Gadgets in shindig. I managed to > get > > the sample OAuth gadget (google contacts gadget [1]) working in shindig. > > how > > ever if I want to add a gadget which is hosted at > > *http://foo.com/bar.xml* It seems I need to get a consumer key from > google > > (thinking that the same contact gadget hosted in foo.com) and add that > to > > the *conf/oauth.json*. > > > > This is not practical if the shindig is hosted and open for users to host > > gadgets in it. hence users cannot edit the* oauth.json* file to add the > > keys > > and gadget urls. is there a solution for this situation ? > > > > > > [1] http://dirk.balfanz.googlepages.com/contacts.xml< > > > http://www.google.com/url?sa=D&q=http://dirk.balfanz.googlepages.com/contacts.xml&usg=AFQjCNGPvRi7sauro2w3OLkx9MXknHQy4A > > > > > > > Thanks & Regards > > -- > > /Nuwan > > > > > > -- > Nuwan Bandara > - www.nuwanbando.com - Stranger Than Fiction > > [ http://www.linkedin.com/in/nuwanbandara ] > [ http://www.twitter.com/nuwanbando ] > -- Nuwan Bandara - www.nuwanbando.com - Stranger Than Fiction [ http://www.linkedin.com/in/nuwanbandara ] [ http://www.twitter.com/nuwanbando ]
