Thanks Trevor. Yes, I understand it does create security issues.
Regards, -Sumit. On Mon, Sep 29, 2008 at 4:06 AM, Trevor Johns <[EMAIL PROTECTED]> wrote: > > On Sat, Sep 27, 2008 at 12:34 AM, skg <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I get the session token from authsub authentication on server side, > > which I use for subsequent calls from server side. But I also want to > > access user's data from javascript. Is it possible to use token > > obtained on server side in javascript for this? > > > > Or do I need to use JS Library for authentication on client side also. > > Essentially meaning I will have to ask user to authenticate my > > application twice so that I can access his account on client side and > > server side both. Any way to avoid it? > > Unfortunately, there's no support for secure tokens in the JavaScript > client library, since there's no way this could be done safely (a user > could extract the signing key from your site and use it elsewhere). > > We also don't provide a public method to set the auth token, so > there's no supported way to pass a token from server to client. I'm > not really sure this would be a good idea from a security standpoint, > either. > > -- > Trevor Johns > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
