Oh I have the same issue... I really need signed requests!
On Dec 19, 6:12 am, "Peter Svensson" <[email protected]> wrote:
> Thank you!!!
>
> I mean - Argh! But thanks for the information :)
> Do you know about how much this have a priority?
>
> Cheers,
> PS
>
> On Thu, Dec 18, 2008 at 7:21 PM, Kevin Marks <[email protected]> wrote:
> > Signed Requests are not yet supported by Google Friend Connect - this is
> > coming in a future release.
>
> > On Thu, Dec 18, 2008 at 9:39 AM, Peter Svensson <[email protected]>wrote:
>
> >> John,
> >> thanks for the idea. That might be good enough security, but consider
> >> that you're open to bots (or humans) registering themselves with stolen
> >> ids.
> >> I would prefer if Google provided a simple functionality to authenticate
> >> users, a kind of 'quick path', since it would be so usable, and is asked
> >> from many different corners.
>
> >> Cheers,
> >> PS
>
> >> On Thu, Dec 18, 2008 at 6:08 PM, John Weidner <[email protected]>wrote:
>
> >>> I just wrote a custom gadget that prompts for a username and
> >>> password. Then I use makeRequest to send these credentials along
> >>> with their open social viewerId. On the server side, if the username
> >>> and password are correct, I store the viewerId in my user database for
> >>> that user. So now I know the viewerId for these users. But I'm
> >>> currently doing this without signed authentication.
>
> >>> On Dec 15, 7:19 am, psvensson <[email protected]> wrote:
> >>> > I just want to report back to my server the unique friend connect id
> >>> > and basic info of the current viewer. How hard can it be?
>
> >>> > I might not have understood how to do this correctly, but here's what
> >>> > I have done;
>
> >>> > 1. I have made sure that friend connect works on my site canvas, rpc-
> >>> > html, basic widgets and all that jazz.
> >>> > 2. I have made a simple custom widget, I call osaccess.xml which gets
> >>> > pulled in OK (Which I can see in firebug. It's of course proxied by a
> >>> > google server, but the content that gets in the browser is the same
> >>> > that I wrote).
> >>> > 3. From JS inside that custom widget, I make a request back to my
> >>> > server. It works fine if I use NONE as authorizationtype.
> >>> > 4. When I switch to SIGNED, I want to utilize that the google proxy
> >>> > guarantees id, and packs a lot of good info about the user/viewer.
>
> >>> > The code looks like this;
>
> >>> > function foo()
> >>> > {
> >>> > .....
> >>> > var params = {};
> >>> > params[gadgets.io.RequestParameters.CONTENT_TYPE] =
> >>> > gadgets.io.ContentType.TEXT;
> >>> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> >>> > gadgets.io.AuthorizationType.SIGNED;
> >>> > params[gadgets.io.RequestParameters.REFRESH_INTERVAL]
> >>> > = 5;
> >>> > var url = "http://howtobethechange.appspot.com/
> >>> > osaccess/";
> >>> > console.log("calling url... '"+url+"'");
> >>> > gadgets.io.makeRequest(url, reqcb, params);
> >>> > };
>
> >>> > function reqcb(data)
> >>> > {
> >>> > console.log("reqcb called....");
> >>> > console.dir(data);
> >>> > }
>
> >>> > The reqcb always reply "404: not found" when I use SIGNED.
>
> >>> > What is it that is not found?
>
> >>> > Where can I read about examples on how to set this up. It seems to be
> >>> > the absolutely single first, top of mind, thing that any pgroammer
> >>> > want to do and sort of _the whole point_ of friend connect - to report
> >>> > back the certified user id of the current viewer to the site hosting
> >>> > the widgets.
>
> >>> > What am I missing?
>
> >>> > I should point out that I have registered my site athttps://
> >>>www.google.com/accounts/ManageDomains, using a x.509 PEM
> >>> > certificate. It feels like there is a 'magic' url I have to provide
> >>> > (though I can't find any access from any google proxies or anything
> >>> > else when running the script).
>
> >>> > Very thankful for any advice.
>
> >>> > Cheers,
> >>> > PS
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Application Development" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
