I currently have it set up to use the datastore. The site has no authentication, just a license key that is added to every REST request. I'm just wondering how kosher it is to store the license key in the data store. I'll also check with the service.
On Nov 5, 2:40 pm, David Nesting <[email protected]> wrote: > This sounds like what OAuth was designed to solve. That being said, since > your robot is certainly implemented on appengine, you have the local > appengine data store available to store user credentials. Obviously, don't > store sensitive information in the wave itself. > > Keep in mind that wave events aren't authenticated[1], so you have no idea > if the event you're receiving is legitimate. If you're responding to an > event by doing something interesting with a user's credentials, I would > suggest using a gadget for that (so you can authenticate the user > explicitly). > > David > > [1]http://code.google.com/p/google-wave-resources/issues/detail?id=344 > > On Thu, Nov 5, 2009 at 1:36 PM, jhb <[email protected]> wrote: > > > I am making a robot that uses a 3rd party service that requires a > > license key to get data back to the robot. What is the best way to > > store a user's password or key so they are not required to > > continuously reenter it. The service requires a license key for every > > REST request, there is no login, so I don't think oAuth will work, or > > am I wrong? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en -~----------~----~----~----~------~----~------~--~---
