Hi, We have a web app that uses syndication so that we can use Google Gadgets inside of it. The Gadget settings are surfaced in the app's UI. We are now building out some Gadgets that will require OAuth authentication. Because of the architecture of our app and how the Gadgets are used, it makes more sense to do the OAuth authentication inside of our UI, rather than inside of the Gadget.
My initial thoughts are that the Gadget will store the request, access and authorize URLs in hidden UserPrefs. When the UI parses the settings, it will see these URLs and add a link that the user will be required to click in order to authenticate. If there is a consumer key and secret, it will be stored in the app. The app will use the consumer key and secret, together with the URLs from the Gadget settings, to perform the OAuth authentication. The resulting access token and secret can also be stored in the app. Sounds great so far. But the only problem is that I'm having trouble figuring out the best way to pass the access token and secret from our web app to the Gadget. What would be the best, most secure way of doing this? Thanks. -- You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en.
