Hi James, I agree that the messaging here is a bit odd, but it's a known issue and we're looking to address it. I'll try and provide a bit of background as to why it is the way it is.
Let's say for instance, that you write a gadget that accesses data from MySpace. The user logs into iGoogle, finds your gadget, and adds it to his page. When the gadget loads, the gadget does the OAuth dance to communicate with MySpace. I think we both agree that this is reasonable, as installing a gadget shouldn't automatically expose all of your MySpace data to others (including the gadget's author). Now, swap out MySpace data with Google data. The user goes through the same process, logging in and adding your gadget. Would you expect that your gadget implicitly has access to all of that user's data? Maybe you would, since you have a legitimate use for it, and you're not a malicious developer. But should every app? Should the explicit contract of installing a gadget also include exposing all of your data to the developer? In most cases, the answer is no. It's probably reasonable to only give limited access to potentially private data, and only when explicitly requested, which is what the OAuth dance is doing here. The remaining bit is the odd disclaimer message. Normally, that type of message would say something along the lines of "Google is not affiliated with someapp.com" when a third-party uses OAuth to connect to data at Google. But, since these are gadgets, the domain actually running the app is also google.com. Google clearly associates with google.com, but not necessarily the gadgets running within iGoogle, hence the slightly silly message. Getting a decent, and verifiable value in place of google.com is actually a bit trickier than it might seem, which is, again, something that we're looking to address. I hope this helps. Thanks, Dan On Jul 30, 1:31 am, James McBryan <[email protected]> wrote: > I am trying to allow my Google Gadget use the Google Data API without > requiring an additional login. (This is because the user is already > logged into iGoogle, why make them login again if they have already > been authenticated, pretty repetitve ay? ) > > My approach is to use Oauth for authorization and when adding their > sample app here athttp://code.google.com/apis/gadgets/docs/oauth.html > I got the following message: > > "Google is not affiliated withwww.google.com" > > Why would google need to authenticate itself with google? Is there a > different approach that is better than using oAuth? My goal is to not > have the user login again when they are already logged in. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
