Hi,
I thought OAuth authenticates the user only. How can we tell which
app is calling the Restful API? Will there be support for that?
Thanks.
Sincerely,
Anthony
Chris Chabot wrote:
On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote:
Restful API are not fully implemented for direct url call as that
will need
OAuth support. In that case OAuth token will be passed to identify
application's authenticity. Right now no authentication is done in
direct
url calls like :
http://localhost:8012/social/rest/people/10050/@self
Which are known as anonyms calls and allowed till the OAuth support is
implemented. but when you run any container for example sample
container it sends the
security token to the server.
Chris please correct me if I am wrong.
Your absolutely 100% correct.
What i did to test some of the RESTful calls as non anonymous owner,
is set allow_plaintext_token to true and construct my own
owner:viewer:etc type token, or taking a valid encrypted security
token from an iframe (st=<lots of text>), that way you can debug and
play with all the functionality without having to wait for oauth to be
completed.
-- Chris
