On Wed, Sep 17, 2008 at 8:26 AM, Eiji Kitamura <[EMAIL PROTECTED]> wrote:
> Hi, > > > I'm trying to get clearer on OAuth on OpenSocial / Shindig and have a > few questions. > Sorry if these questions are not appropriate for this list. > > [1] opensocial_*id > > According to following document: > https://sites.google.com/site/oauthgoog/2leggedoauth/2opensocialrestapi > > OpenSocial container sends OAuth Consumer Request query with > * opensocial_ownerid > * opensocial_viewerid > * opensocial_appid > > But when I look at google code gadgets site document: > http://code.google.com/apis/gadgets/docs/reference/#gadgets.io > > It's said to send following query params which names are slightly > different: > * opensocial_owner_id > * opensocial_viewer_id > * opensocial_app_id > > Actual Shindig implementation looks like sending queries same as > google code gadgets site explanation: > * opensocial_owner_id > * opensocial_viewer_id > * opensocial_app_id > > Is the one on oauthgoog just typo or do they have different meaning? oauthgoog is wrong, and shouldn't be consulted for anything since it is *NOT* official documentation for OpenSocial. Only what's on http://opensocial.org is authoritative. The code.google.com copy is often out of date as well, so I wouldn't even use that. Please only ever consult opensocial.org for the official word on the standard. > > > > [2] xoauth_public_key > > According to following proposal: > http://dirk.balfanz.googlepages.com/oauth_key_rotation.html > > Public Key Identifier should be specified using "xoauth_public_key". > Same on google code gadgets site. > But actual implementation in Shindig seems like using > "xoauth_signature_publickey". > > Which is correct or should they be treated differently? Again, only what's published on opensocial.org is ever to be trusted. Dirk wrote the proposal, but that does not mean his original proposal is what became the standard. > > [3] xoauth_app_url > > According to following proposal: > http://dirk.balfanz.googlepages.com/oauth_gadget_extension.html > > App url should be specified using "xoauth_app_url". But it looks like > there's "opensocial_app_url" mentioned on google code gadgets site. > Shindig is implemented with "opensocial_app_url" too. > > Which is correct or should they be treated differently? Same here. This applies to *all* OpenSocial specification issues. Unless the specification explicitly points to another document (and we only do so for other published standards, not to random websites), you should never assume that any other document published anywhere is correct. This includes: - Anything published on code.google.com, sourceforge, or even the Shindig website (we sometimes lag the standardization process - Anything published on container websites (not all containers implement the specification correctly, and none implement it fully, Shindig included). If you read something on a container-specific site, you should only ever assume that the documentation applies to that container alone. - Anything published on random blogs or other personal websites. > > > > Thanks in advance. >
