Hi Brian Thanks for the suggestions. My problem (and from reading the groups, other people's too) is just where to start. I've looked at OpenSocial but all I find is stuff about Myspace and reading friends lists.
I'm happy to take my question there, but I'd like to understand why I'm doing that. What would really help would be a single HTML page of "blueprints". Each blueprint has 3 columns. So for example:- Use Case Solution References Accessing Google Docs 2-legged oauth http://samplecode.com from a browser http://thisgroup.com via a GAE app Single sign on of a 2-legged oauth http://openid.com/oauth google gadget + OpenID I'm sure my above examples are complete nonsense, that's how badly I'm failing to understand OAuth, or rather how I don't understand how I should be applying OAuth to my problem. I have loaded up the sample gaeauthdemo. So I can POST to a servlet and it will say valid or invalid. I still have no idea how that helps me authenticate a user (by user I mean com.google.appengine.User) best Roy On Mon, Nov 9, 2009 at 9:30 PM, Brian Eaton <[email protected]> wrote: > > On Sat, Nov 7, 2009 at 10:57 AM, Roy <[email protected]> wrote: > > Having tried all the alternatives, I figured that OAuth is probably > > the answer, but I am really struggling to get a toe hold on the > > technology. In particular I really can't figure out what the different > > roles of the actors are, and eg. is my requirement a 2-legged or 3- > > legged one. Do I need to care about SSO/OpenID. All the blueprints I > > can find deal with the use case of accessing Gdata APIs, which isn't > > quite what I'm after. > > Hey Roy - > > You may want to take this question to the opensocial forums, but here > is a start: > > http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests > > The appengine OAuth support will help you a bit; you'll be able to > validate two-legged OAuth signatures with a simple function call. > That will take care of the authentication for you. You still need to > think about the authorization part of your application, though. > > Sample code here: http://code.google.com/p/gaeoauthdemo/ > > Cheers, > Brian > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
