You've got it there. Each user could have a different hostname, but the hostname per user is relatively static (we reserve the right to change it, but it rarely happens), so we encourage that along with keeping the access token they also keep the hostname to access that user by. Other requests can be requested from a given hostname - we only enforce certain requests (it's all about locality to data). So while I'll be requesting my data from http://api342.photobucket.com/album/jhart_pb - the OAuth URI will look like http://api.photobucket.com/album/jhart_pb
This has to do with our existing routing/sharding implementation and it was the easiest way to get there. It sounds like a shard hint or other query string parameter could be easier implementation-wise (in fact, we have the shard number right in the 'access' oauth_token), but our front end is pretty simple and relies on DNS. It seems that it's pretty implementation-specific, though a future best practice could be written up. The OAuth spec is both pliable and strict in this sense.

On Dec 1, 6:07 pm, Brian Eaton <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 1, 2008 at 4:40 PM, Justin Hart <[EMAIL PROTECTED]> wrote:
> > We have run into and come up with a specific solution to this problem on
> > Photobucket, since we require photo album operations to happen on the
> > appropriate 'silo' the user is on (our sharding technique).
>
> NetFlix, Y!, and Google Calendar all have similar behaviors
> implemented in slightly different ways. Is there a best practice in
> this area?
>
> NetFlix and Yahoo: return a unique id for the user along with the
> access token. Clients must include this unique id in the URLs of
> subsequent requests.
>
> Google Calendar: include a shard hint both in a URL query parameter
> and a cookie. If both are missing, redirect and set the cookie.
>
> And now photobucket: redirect each request to a different hostname,
> and expect the client to resend the request with the original
> hostname. (Justin, have I got this right? Photobucket wants a
> request for http://api123.photobucket.com/ to be signed as if it were
> for http://api.photobucket.com?)
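The signing arrangement discussed in this thread, as an added example that is not part of the original messages or Photobucket's code: the client sends the request to the per-user shard hostname but builds the OAuth 1.0 signature base string over the canonical hostname, and the server verifies the same way. It assumes HMAC-SHA1; the function names, credentials, nonce and timestamp are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit

CANONICAL_HOST = "api.photobucket.com"  # host used in the signed URI (from the thread)

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded base URI & encoded, sorted parameter string
    # (default-port stripping is omitted; the sample URLs carry no port)
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(base_uri), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def canonical_url(url):
    # Swap whatever shard host was used for the canonical one; keep the path
    parts = urlsplit(url)
    return f"{parts.scheme}://{CANONICAL_HOST}{parts.path}"

def client_request(shard_url, params, consumer_secret, token_secret):
    # Sign as if for the canonical host, but address the request to the shard
    sig = sign("GET", canonical_url(shard_url), params, consumer_secret, token_secret)
    return shard_url, dict(params, oauth_signature=sig)

def server_verify(received_url, params, consumer_secret, token_secret):
    # Rebuild the signature over the canonical host, whichever shard was hit
    params = dict(params)
    presented = params.pop("oauth_signature")
    expected = sign("GET", canonical_url(received_url), params,
                    consumer_secret, token_secret)
    return hmac.compare_digest(presented, expected)

# Constructed sample values, not real credentials
SHARD_URL = "http://api342.photobucket.com/album/jhart_pb"
CONSUMER_SECRET, TOKEN_SECRET = "example-consumer-secret", "example-token-secret"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "example-consumer-key", "oauth_token": "example-token",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1228176000",
    "oauth_nonce": "constructed-nonce-1", "oauth_version": "1.0",
}
```

A client that signs over the shard hostname instead produces a different signature and fails this verification. The signature does not cover the shard hostname, so it says nothing about which silo the request was addressed to.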
