As there's cause for concern I'll just shelve this patch and keep it in house to support hi5 backward compatibility. I didn't realize it would cause this much of a ruckus :)
And yes, we'll be replacing our existing auth mechanism with OAuth in the near future. The security token work is next on my list for support in our container. What do you think about the gadgets.js patch? On Thu, Feb 07, 2008 at 06:37:03PM -0800, Kevin Brown wrote: > Is there any reason why you can't just pass the security token though? If > you implement GadgetSigner to be aware of how to decode your particular > token, you'd have all of this. The format can be exactly the same as > whatever you're using now, only you'd pass it as #st=<whatever> instead of a > view param; ultimately to support OAuth (as discussed in Brian's recent > threads and in SHINDIG-35) you'll want to use this anyway, so why not just > have a single token? > I'm also not really in favor of an approach like this because it makes it > harder for containers to dynamically determine support for specific features > that a container needs. If gadgets are expecting some hi5-specific data, it > would be better to introduce a feature -- perhaps "hi5.auth" or something > along those lines -- that exposes this functionality. This makes it easy to > see immediately that this gadget won't work correctly on other sites, since > they won't support this non-feature. > Lastly, the params are supposed to be the same as those passed to > requestNavigateTo -- so doing this violates the spec. Without introducing a > new feature the most logical place to inject this would probably be as a > user pref (up_Hi5AuthToken perhaps). > > > On Feb 7, 2008 5:50 PM, Paul Lindner <[EMAIL PROTECTED]> wrote: > > > > > > > For the hi5 container we want to surface the country, language and our > > > > authtoken parameters to the app developer. The current views.js code > > > > doesn't allow for this via the init() method. Here's a change that > > > > implements that: > > > > > > > > Index: features/views/views.js > > > > =================================================================== > > > > +++ features/views/views.js (working copy) > > > > @@ -28,7 +28,6 @@ > > > > * > > > > http://code.google.com/apis/gadgets/docs/reference/gadgets.views.html > > > > */ > > > > gadgets.views = function() { > > > > - > > > > /** > > > > * Reference to the current view object. > > > > */ > > > > @@ -79,8 +78,9 @@ > > > > * TODO: Use unified configuration when it becomes available. > > > > * @param {Map<String, Boolean>} supported The views you > > > > support, > > > > * where keys = name of the view and values = isOnlyVisible > > > > + * @param opt_p extra parameters you want > > > > */ > > > > - init : function(supported) { > > > > + init : function(supported, opt_p) { > > > > if (typeof supported["default"] === "undefined") { > > > > throw new Error("default view required!"); > > > > } > > > > @@ -98,6 +98,10 @@ > > > > params = tmpParams; > > > > } > > > > } > > > > + // Pull in extra params > > > > + for (var i in opt_p) { > > > > + params[i] = opt_p[i]; > > > > + } > > > > currentView = supportedViews[urlParams.view] || > > > > supportedViews["default"]; > > > > } > > > > }; > > > > @@ -118,4 +122,4 @@ > > > > > > > > gadgets.views.ViewType = gadgets.util.makeEnum([ > > > > "FULL_PAGE", "DASHBOARD", "POPUP" > > > > -]); > > > > \ No newline at end of file > > > > +]); > > > > > > > > > > > > > > > > > > > > -- Paul Lindner hi5 Architect [EMAIL PROTECTED]
pgplncHqJlPlW.pgp
Description: PGP signature
