I have an API I want to add to our custom shindig server that doesn¹t fit any current opensocial specs (appdata, people, etc.). The API would allow our gadget sandbox webapp to create the oauth2 client and oauth2 gadget binding entries (server to server).
So something like POST /opensocial/rest/oauth2client [client_id, client_secret, provider_name, application url] This would allow our sandbox gadget writers to enable oauth2 bindings without a third party having to be involved. My question is, what is the best way to expose such an API? Should I just expose it like all the other REST endpoints (and also via RPC) or should I just create a servlet with my own authentication scheme (perhaps just basic authentication)? If I use the existing framework should I use security tokens or should I use oauth2? I¹d be interested in hearing other viewpoints by people who have extended shindig with their own APIs. Thanks, Doug
