Hi, all
We have developed and deployed our own gadget layout manager. It
is integrated with Shindig as the backend OpenSocial service. It works
fine. Our main problem is how to integrate user management systems.
Let me describe the problem using an example.
Suppose I have two gadgets A and B which need to access the same
backend protected service, say, Twitter. Obviously, authentication and
authorization are necessary. After gadget A is authorized, it can
access the user's Twitter data. However, gadget B may or may not be
authorized automatically although it should be under some conditions
(in terms of security). Our goal is that after a gadget is authorized,
all other gadgets deployed by the user which access the same protected
service/resource are authorized automatically.
There are several cases of implementation.
1) Web-based
Some cookies can be set after a gadget is authorized. Then
other gadgets from the same domain which try to access the same
protected service are authorized automatically because those cookies
(which include the authorization token, etc.) can be used.
2) API-based
Use APIs (e.g. OAuth) provided by the backend protected service
instead of the web interface. In this case, it seems that more work needs
to be done on the Shindig side. For HTML gadgets, all requests emitted by
gadget APIs (e.g. makeRequest) from gadgets go through Shindig
service.
In my opinion, it can work this way. After a gadget is
authorized, some authorization information associated with the user
and the service is maintained by Shindig service. When the gadget
sends a request using makeRequest, Shindig intercepts the request and
automatically adds authorization information to it before forwarding
it to backend service.
The disadvantage is that the Shindig source code needs to be modified :-(
Any suggestions? Opinions?
Has anyone done this before? If it is not the correct way to go,
please correct me.
Thanks!
Cheers,
Gerald
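
The API-based approach described in the message above, modelled as an added example (not part of the original post and not Shindig code): a proxy-side store keeps one token per (user, service) and attaches it only for gadgets that user has installed, and only to HTTPS requests for the service's own hosts. The class and function names, the host table and the bearer-style header are assumptions for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed table (assumption): service name -> hosts its token may be sent to.
SERVICE_HOSTS = {"twitter": {"api.twitter.com"}}


@dataclass
class TokenStore:
    """Hypothetical proxy-side state; not a Shindig class."""
    tokens: dict = field(default_factory=dict)     # (user, service) -> token
    installed: dict = field(default_factory=dict)  # user -> set of gadget URLs

    def install(self, user, gadget_url):
        self.installed.setdefault(user, set()).add(gadget_url)

    def authorize(self, user, service, token):
        # Called once, after any one of the user's gadgets completes authorization.
        self.tokens[(user, service)] = token


def service_for(url):
    """Map a target URL to a known service, or None. HTTPS only."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return None
    for name, hosts in SERVICE_HOSTS.items():
        if parts.hostname in hosts:
            return name
    return None


def proxy_headers(store, user, gadget_url, target_url, headers=None):
    """Headers the proxy forwards for a makeRequest-style call."""
    # Drop any credential header supplied by the gadget itself.
    out = {k: v for k, v in (headers or {}).items() if k.lower() != "authorization"}
    service = service_for(target_url)
    token = store.tokens.get((user, service))
    if token and gadget_url in store.installed.get(user, set()):
        # Token leaves the proxy only toward the service it was issued for.
        out["Authorization"] = "Bearer " + token
    return out
```

Keying the token on (user, service) rather than on the gadget is what lets gadget B reuse gadget A's grant; the installed-gadget and target-host checks are what keep that reuse from extending to other users' gadgets or other destinations.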