shindig-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davies,Douglas" <davi...@oclc.org>
Subject Security Tokens
Date Tue, 05 Jul 2011 18:28:36 GMT
I'm trying to figure out the whole security token flow using common
container.  Here's what I'm thinking.

 

Container set security token to specify who I am (
shindig.auth.updateSecurityToken('owner:viewer:appid:cont:url:0:default'
)  ).

 

Container makes call to get metadata.  

 

The meta data request uses this value in DefaultIframeUriManager to
generate a security token and pass it back on the iframe url (via the st
parameter) that is returned from the metadata request.

 

This st param is then passed to any subsequent makeRequest, appData,
userPref, etc. calls made from the gadget.

 

I set gadgets.uri.iframe.alwaysAppendSecurityToken in container.js to
make sure the security token is always returned.  I also thought at one
point all the subsequent makeRequest calls automatically had the st
param set, but I'm not seeing that with 3.0.0 beta 2.  Strange... st is
empty.

 

I haven't even gotten to oauth and how it fits into all this.  Right now
I'm just trying to figure out how to convey the current user to the
container and make sure all makeRequest, appData, userPref, etc. calls
have the correct context.  I also haven't tackled any encryption yet.
Right now I'm just trying to get this working in clear text.

 

Any help is appreciated.

 

Doug

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message