If you set allow_anonymous_token => true, clients have full read access to
any information.
However if you want to allow write access too for creating messages,
activities, app data, or simply don't want to open up your data to everyone
without having an ACL in place, then supporting OAuth is required.
-- Chris
On Tue, Feb 17, 2009 at 12:54 PM, Lini H - Clarion, India <
[email protected]> wrote:
> Hi Chris,
>
> Thnx for the reply. One more thing..Does the OAuth has anything to do with
> the container classes i.e. the REST/RPC interface if the parameter
> "allow_anonymous_token" has been set to true in the config file?
>
> Regards,
> Lini Haridas
> Software Engineer
>
> Clarion Technologies
> SEI CMMI Level 3 Company
>
> 4th Floor, Great Eastern Plaza,
> Airport Road,
> Pune- 411 006,
> Maharashtra, India.
> www.clariontechnologies.co.in
>
> Email: [email protected]
> Mobile: +91 9823435917
>
> ----- Original Message -----
> From: "Chris Chabot" <[email protected]>
> To: <[email protected]>
> Sent: Tuesday, February 17, 2009 4:40 PM
> Subject: Re: OAuth
>
>
> > There's a number of places where OAuth is/can be used, so the answer
> depends
> > on which usage your referring too :)
> >
> > 1) OAuth for the REST/RPC interface: There are OAuth interfaces in
> shindig
> > which you can fill in, the actual consumer/access token&secret generator
> and
> > validation is done by the container and not by shindig; Partuza has an
> > example that supports both 2 and 3 legged OAuth:
> >
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthLookupService.phpand
> >
> http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php(the<http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaOAuthDataStore.php%28the>
> > actual 2 legged and 3 legged oauth tokens and secrets are generated by
> > partuza, you can find them in your edit profile -> oauth tab for the 3
> > legged version, and edit applications for the 2 legged kind)
> >
> > 2) Signed requests, you create the keys by following the instructions
> from
> > shindig/php/certs/README
> >
> > 3) OAuth in gadgets (aka the OAuth proxy), where shindig proxies OAuth
> > requests from a gadget to a 3rd party REST/OAuth service, see
> > http://code.google.com/apis/gadgets/docs/oauth.html for the basic
> > documentation and the keys should be stored in shindig/config/oauth.json
> >
> > Hope that helps to get you started!
> >
> > -- Chris
> >
> > On Tue, Feb 17, 2009 at 9:05 AM, Lini H - Clarion, India <
> > [email protected]> wrote:
> >
> >> Hi Chris,
> >>
> >> Wanted to know some details about the following:
> >>
> >> What is the purpose of OAuth in shindig and how is it implemented.
> >> How are the OAuth keys to be generated for shindig?
> >>
> >> Regards,
> >> Lini Haridas
> >> Software Engineer
> >>
> >> Clarion Technologies
> >> SEI CMMI Level 3 Company
> >>
> >> 4th Floor, Great Eastern Plaza,
> >> Airport Road,
> >> Pune- 411 006,
> >> Maharashtra, India.
> >> www.clariontechnologies.co.in
> >>
> >> Email: [email protected]
> >> Mobile: +91 9823435917
> >>
> >>
> >>
> >
>
