Hi, I'm playing with creating a gadget that uses OAuth authentication. I am trying to think of ideas to securely store the oauth_token. Currently, I can think of two methods to store them within the gadget. Using UserPrefs or as state delta's. The problem is, that both methods would allow anyone with access to the gadget to get other user's tokens.
Then, that left me to try and store the tokens server-side. The problem with this, is that I have no way to confirm that the wave ID passed is authenticated. I thought of possibly using Google's User API in AppSpot, but then that would only work for Google Wave and not for any other wave servers. So I wanted to ask, is there a way to store gadget data that is only available to the specific viewer? Or, could someone suggest a better solution to this problem? Thanks! -- You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=.
