That's for demo, non-production unsigned tokens.

You should use secure tokens that are server-side generated.

Check this example of how Partuza (a Simple Social Network) renders OS
gadgets securely:

http://code.google.com/p/partuza/source/browse/trunk/Application/Views/gadget/gadget.php

Hope this helps.

ropu

On Sun, Jan 18, 2009 at 8:45 PM, Harry Hübner <[email protected]> wrote:

> This sample shows how to generate a token with the appropriate data.
>
> http://cwiki.apache.org/confluence/display/SHINDIG/Display+a+gadget+in+a+web+page
>
> Those two JS functions are responsible for rendering the gadget and passing
> the data (viewerid, appid, ...) to Shindig. The data comes from the container.
> Imagine you have a list of installed applications in your profile and you
> choose one to display. So you have the chosen appid and with it you call a
> page to display the gadget.
>
>      function renderGadget(viewerId, ownerId, gadgetUrl, appId) {
>        gadget = gadgets.container.createGadget({'specUrl': gadgetUrl});
>        gadget.setServerBase('http://localhost:8080/gadgets/');
>
>        // Viewer and Owner
>        gadget.secureToken = escape(generateSecureToken(viewerId, ownerId, gadgetUrl, appId));
>
>        gadgets.container.addGadget(gadget);
>        gadgets.container.layoutManager.setGadgetChromeIds(['gadget-chrome']);
>        gadgets.container.renderGadgets();
>      };
>
>      function generateSecureToken(viewerId, ownerId, gadgetUrl, appId) {
>        // Borrowed from SampleContainer.html
>        // Used to generate an "st" parameter to satisfy Shindig server
>        var fields = [ownerId, viewerId, appId, "shindig", gadgetUrl, "0"];
>        for (var y=0; y < fields.length; y++) {
>          // escape each field individually, for metachars in URL
>          fields[y] = escape(fields[y]);
>        }
>        return fields.join(":");
>      };
>
>
> On 18.01.2009 at 08:27, Jordan Zimmerman wrote:
>
>> What's unclear to me is how that appid gets communicated to Shindig. I
>> haven't crossed the OAuth bridge yet. So, maybe I'll figure that out when I
>> get there.


-- 
.-. --- .--. ..-
R  o  p  u
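
Added example, not part of the original thread and not Shindig's or Partuza's code: a server-side (Node.js) token that keeps the field order of the demo token quoted above but appends an issue time and an HMAC, so a viewer id edited in the browser fails verification. The key handling, the one-hour lifetime, the field names and the function names are assumptions made for illustration.

```javascript
// Added example: HMAC-signed token issued on the server (Node.js).
// Not Shindig's real token format; only the field order follows the demo token.
const crypto = require('crypto');

// Assumption: the key lives only on the container's server, never in page JS.
const SERVER_KEY = crypto.randomBytes(32);
const MAX_AGE_SECONDS = 3600; // assumed lifetime

function mac(payload, key) {
  return crypto.createHmac('sha256', key).update(payload).digest('hex');
}

// The viewer comes from the authenticated session, not from a request parameter.
function issueToken(session, ownerId, appId, gadgetUrl, key, nowSeconds) {
  const fields = [ownerId, session.userId, appId, 'shindig', gadgetUrl, '0',
                  String(nowSeconds)];
  const payload = fields.map((f) => encodeURIComponent(f)).join(':');
  return payload + ':' + mac(payload, key);
}

// Returns the decoded fields, or null if the token was altered or has expired.
function verifyToken(token, key, nowSeconds) {
  const cut = token.lastIndexOf(':');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1), 'hex');
  const expected = Buffer.from(mac(payload, key), 'hex');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  const parts = payload.split(':').map((p) => decodeURIComponent(p));
  if (parts.length !== 7) return null;
  const age = nowSeconds - Number(parts[6]);
  if (!(age >= 0 && age <= MAX_AGE_SECONDS)) return null;
  const [ownerId, viewerId, appId, domain, gadgetUrl, moduleId] = parts;
  return { ownerId, viewerId, appId, domain, gadgetUrl, moduleId };
}

// Constructed sample input: the same token with the viewer field rewritten,
// which is what the unsigned demo token cannot detect.
function swapViewer(token, newViewer) {
  const parts = token.split(':');
  parts[1] = encodeURIComponent(newViewer);
  return parts.join(':');
}
```

The gadget server needs the same key, or a public-key signature in place of the HMAC, to run the verification step.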
