Hey Rajesh,
3 legged OAuth is indeed the right solution here; And no once the user goes
through the OAuth flow once (ie get redirected to the social site where he
has to click 'Grant FOO.COM access to my data'), you get a long lived token
that you can keep using indefinitely, or until it is revoked which in
practice hardly ever happens. (So once the flow is complete, you store the
oauth token for that session in your database for that user)
The added benefit of using 3 legged oauth is that it has a user associated
with the session, so right after the the authentication you can do a REST
call to /rest/people/@me/@self to fetch the profile info of your user, and
/rest/people/@me/@friends to download his friends list, and you can refresh
and use the activities/etc API's this whenever its appropriate in your app
using that same long lived oauth token / secret.
-- Chris
On Wed, Jun 3, 2009 at 12:27 PM, raji <narniraj...@gmail.com> wrote:
>
> Yes, I agree with you. But with the 2-legged OAuth approach, it seems
> like we can access details of a user who has registered with my
> gadget. But I dont have any gadget running in any social network.
> Still I would just like to get the contacts of any given user. How can
> I do that? Should I follow the 3-legged OAuth approach? I have a doubt
> regarding 3-legged approach. Here does the user have to submit his
> credentials (to the actual social network) each time he wants to
> access the data? OR is it a one time setting saved some where in the
> user's social network account?
>
> Thanks,
> Rajesh
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
