Imagine I want to create game "Rock-paper-scissors" for Google Waves. I am thinking to implement it as a Wave Gadget.
The idea is simple: all participants send their decisions to my cloud app (it is an Appengine Java Application), my server part collects this data and does not share to anybody until all participants complete their selection. After this the selection is shared to all participants and the winner is determined. I can use wave.getViewer().getId() to identify user on the server during gadgets.io.makeRequest. It can work perfectly. But how I can get sure that on the server side the incoming request is really from this specific wave user? (how can I approve that wave's participant id is not hacked on the client side? Any wave container signature allowing determine wave participant id is available?) What are the best practices for googl wave participant authentication on my appengine side? Please provide examples if possible. My actual gadget is more complicated but the problem is as described above. -- You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en.
