I'm experimenting with a robot that I would like to hold an OAuth
token for a user.  Ideally, once the setup is done, the user should be
able to simply add the robot as a participant in a wave, and the robot
should be able to use its existing, stored token to do something
useful.  The problem I'm seeing is that it doesn't appear that the
robot really knows for sure that the wave it's processing events for
is a real wave, and that the participants apparently in that wave are
real participants.  For all the robot knows, these RPCs could be
created by anyone that knows the robot's app name, so I can't really
do any privileged actions simply in response to API events.  I think I
need some other way of authenticating the user myself first.  Does
this sound right?  Is there a standard way of doing that?

The only approach I can think of is for the robot to create a gadget,
and have the gadget do all of the browser magic (redirects, etc.) to
authenticate the user against Google (so that the robot knows who the
user is), and then against the 3rd-party OAuth site.  A hypothetical
flow might look like this:

1. Add the robot to the wave
2. Robot creates a gadget.
3. Gadget authenticates user against Google, then retrieves app-side
(not wave) state for the user
4. If no OAuth token exists, gadget authenticates user against 3rd-party
OAuth, gets OAuth token, stores it on the server.
5. Robot does something useful with the wave, the authenticated user,
and the OAuth token.

All of this seems achievable, with some further thought, but it also
feels really complicated, and I'm not sure how to transition to #5
yet.  Is there a simpler approach here?

David

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Wave API" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/google-wave-api?hl=en
-~----------~----~----~----~------~----~------~--~---
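The distinction the post is drawing, as an added example that is not part of the original message and not Google Wave API code: a robot back end that holds third-party OAuth tokens must not release one based on the participant an incoming event merely claims, because anyone who can post RPCs to the robot controls that field. Instead the robot's own gadget endpoint, having authenticated the user out of band, mints a short-lived, single-use, HMAC-signed assertion that the token lookup requires. The event shape, the assertion format, the 300-second lifetime, the signing key and the addresses are all constructed for illustration.

```python
"""Added example: binding a stored OAuth token to a user the robot itself
authenticated, rather than to a participant id read out of an event.
Not Wave API code; event shape, assertion format and TTL are assumptions."""
import hashlib
import hmac
import secrets
import time


class RobotTokenStore:
    TTL = 300  # seconds an assertion stays valid (assumed value)

    def __init__(self, signing_key: bytes, now=time.time):
        self._key = signing_key          # known only to the robot's server
        self._now = now                  # injectable clock for testing
        self._tokens = {}                # verified user id -> OAuth token
        self._used = set()               # redeemed nonces (single use)

    def store_token_for_verified_user(self, user_id, oauth_token):
        """Gadget-side callback: called only after the user has authenticated
        against Google and completed the third-party OAuth dance."""
        self._tokens[user_id] = oauth_token

    def mint_assertion(self, user_id, wave_id):
        """Issued by the gadget endpoint to an authenticated user: a signed
        statement 'user_id is acting in wave_id' that expires and is one-shot."""
        expiry = int(self._now()) + self.TTL
        nonce = secrets.token_hex(8)
        msg = f"{user_id}|{wave_id}|{expiry}|{nonce}"
        mac = hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()
        return f"{msg}|{mac}"

    def _verify_assertion(self, assertion, wave_id):
        """Return the asserted user id, or None if the assertion is forged,
        for another wave, expired, or already redeemed."""
        try:
            user_id, asserted_wave, expiry, nonce, mac = assertion.split("|")
        except ValueError:
            return None
        msg = f"{user_id}|{asserted_wave}|{expiry}|{nonce}"
        expected = hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        if asserted_wave != wave_id or int(expiry) < self._now():
            return None
        if nonce in self._used:
            return None
        self._used.add(nonce)
        return user_id

    def token_from_event_unsafe(self, event):
        """The trap described in the post: trusting the participant the event
        claims. Whoever sends the RPC can put any id here."""
        return self._tokens.get(event["participant"])

    def token_from_event(self, event, assertion):
        """Safe path: release the token only for a user the robot authenticated
        itself, and only for the wave the assertion names."""
        user_id = self._verify_assertion(assertion, event["wave_id"])
        if user_id is None:
            return None
        return self._tokens.get(user_id)


def demo():
    """Exercise both paths on constructed data and return the outcomes."""
    clock = [1_700_000_000.0]
    store = RobotTokenStore(b"constructed-signing-key", now=lambda: clock[0])
    store.store_token_for_verified_user("alice@example.com", "tok-alice")
    event = {"wave_id": "wave-1", "participant": "alice@example.com"}
    out = {}
    # Unsafe: a forged event naming Alice gets Alice's token.
    out["unsafe_forged"] = store.token_from_event_unsafe(event)
    # An attacker who knows the app name but not the signing key gets nothing.
    attacker = RobotTokenStore(b"attacker-key", now=lambda: clock[0])
    out["forged_assertion"] = store.token_from_event(
        event, attacker.mint_assertion("alice@example.com", "wave-1"))
    good = store.mint_assertion("alice@example.com", "wave-1")
    out["wrong_wave"] = store.token_from_event({"wave_id": "wave-2"}, good)
    out["valid"] = store.token_from_event(event, good)
    out["replay"] = store.token_from_event(event, good)
    late = store.mint_assertion("alice@example.com", "wave-1")
    clock[0] += RobotTokenStore.TTL + 1
    out["expired"] = store.token_from_event(event, late)
    return out


if __name__ == "__main__":
    print(demo())
```

The assertion stands in for whatever the gadget can hand back to the robot after it has authenticated the user; the important properties are that only the robot's server can mint it, that it names the wave, and that it cannot be replayed. How the gadget carries it into the wave (and whether it should bind to a wave id at all) depends on the platform and is not settled by this example.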
