Thanks Dan, I get your point. But I've experienced that the OAuth proxy functionality is not widely supported by containes yet. And I'd lilke to make a portable gadget. So I decided to control the OAuth process directly from my gadget.
As for the keys, do you think that using the RSA algorithm instead of HMAC can help avoiding to expose them? Thank Paola On Fri, Sep 4, 2009 at 8:48 PM, Dan (Google) <[email protected]> wrote: > > Hi, > > Generally, you wouldn't want to perform 3-legged OAuth directly from a > gadget. The experience is sub-optimal (requiring users to navigate to > a page within the gadget iframe, do login and then direct back) and > you expose your keys in the process (the gadget XML is public). > > You can use the OAuth proxy, though, which avoids the key exposure, > and has some of the UI issues mitigated by the container: > http://code.google.com/apis/gadgets/docs/oauth.html. > > Dan > > On Sep 4, 3:17 am, Paola Renditore <[email protected]> wrote: > > Thanks for your answer Dan. > > > > Yes, I was trying to use 3-legged OAuth with those keys. > > I'll try using them with the 2-legged oauth. > > In the meanwhile, I obtained another consumer key by registering my web > site > > and then I used that key with 3-legged OAuth from my gadget and that > worked. > > > > Anyway, is there a way to obtain keys to perform 3-legged OAuth from a > > gadget? > > > > Thanks > > Paola > > > > On Fri, Aug 28, 2009 at 8:47 PM, Dan (Google) <[email protected]> > wrote: > > > > > Hi Paola, > > > > > Were you trying to use 3-legged OAuth with Portable Contacts? If I > > > recall correctly, the keys for that are different from the 2-legged > > > OAuth keys (from the directory verification page). > > > > > Dan > > > > > On Aug 28, 5:20 am, paola <[email protected]> wrote: > > > > Hi all, > > > > > > I've just completed the Gadget Ownership verification procedure at > the > > > > URLhttps://www.google.com/gadgets/directory/verifyandI got my > > > > consumer key/secret pair. > > > > Then I tried to connect to Google portable contact API from that > > > > gadget installed on Orkut, but I got the message that the consumer > was > > > > not registered. > > > > How do I register the gadget consumer key for accessing Google API > > > > from a remote site? > > > > > > Thanks a lot > > > > Paola > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
