Hi Anthony, I n OAuth request application which is trying to fetch data is actually get authenticated and that application gets an OAuth token. This token is used by the application for fetching the data from the Restful API. When application makes request for data with the access token than service provider varifies tha token for its validity and accuracy. In shindig OAuth token will be somewhat like secutiry token which will consist of userId, applicationId and someother information also.
Chris please correct if i am wrong :) On Wed, Sep 3, 2008 at 12:26 AM, Anthony Lai <[EMAIL PROTECTED]>wrote: > Hi, > > I thought OAuth authenticates the user only. How can we tell which app is > calling the Restful API? Will there be support for that? > > Thanks. > Sincerely, > Anthony > > > > Chris Chabot wrote: > >> On Aug 28, 2008, at 7:14 AM, Ram Sharma wrote: >> >> Restful API are not fully implemented for direct url call as that will >>> need >>> OAuth support. In that case OAuth token will be passed to identify >>> application's authenticity. Right now no authentication is done in direct >>> url calls like : >>> http://localhost:8012/social/rest/people/10050/@self >>> Which are known as anonyms calls and allowed till the OAuth support is >>> implemented. but when you run any container for example sample container >>> it sends the >>> security token to the server. >>> >>> Chris please correct me if I am wrong. >>> >> >> Your absolutely 100% correct. >> >> What i did to test some of the RESTful calls as non anonymous owner, is >> set allow_plaintext_token to true and construct my own owner:viewer:etc type >> token, or taking a valid encrypted security token from an iframe (st=<lots >> of text>), that way you can debug and play with all the functionality >> without having to wait for oauth to be completed. >> >> -- Chris >> >> > -- Ram Sharma Software Engineer Impetus Infotech (India) Pvt Ltd Indore
