oauth

http://tools.ietf.org/html/rfc5849#page-4 Errata Exist Internet Engineering Task Force (IETF) E. Hammer-Lahav, Ed. Request for Comments: 5849 April 2010 Category: Informational ISSN: 2070-1721 Abstract OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user).

RFC 5849 - The OAuth 1.0 Protocol

Shindig - Welcome To Apache Shindig!

http://shindig.apache.org/ Apache Shindig is an OpenSocial container and helps you to start hosting OpenSocial apps quickly by providing the code to render gadgets, proxy requests, and handle REST and RPC requests. Apache Shindig is a container for hosting social applications consisting of four parts: Gadget Container JavaScript: core JavaScript foundation for general gadget functionality (read more about gadget functionality). This JavaScript manages security, communication, UI layout, and feature extensions, such as the OpenSocial API.
http://groups.google.com/group/google-apps-gadgets-api/browse_thread/thread/9c8c938fe5a7ee08/adc22d9a4952f0d5?q=contextual+gadget+authenticate#adc22d9a4952f0d5
> You need to build a server-side flow that associates the user's
> opensocial_owner_id with their OpenID claimed identifier. The process we use
> is:

Gmail Contextual Gadget SSO - Google Apps gadgets API | Google Groups

This document describes what Gmail contextual gadgets are, how to write them, how to install them, and how to diagnose and fix some common issues. Gmail contextual gadgets can be listed for sale in the Google Apps Marketplace or used within in-house applications installed through the Google Apps console. A Gmail contextual gadget is a gadget that is triggered by clues in Gmail, such as the contents of Subject lines and email messages.

Gmail Contextual Gadgets Developer's Guide - Gmail APIs and Tools - Google Code

https://developers.google.com/google-apps/gmail/contextual_gadgets#extractor
Abstract: This specification extends the OAuth signature to include integrity checks on HTTP request bodies with content types other than application/x-www-form-urlencoded. The OAuth Core specification [OAuth Core 1.0] provides body integrity checking only for application/x-www-form-urlencoded request bodies. Other types of request bodies are left unsigned.

Final: OAuth Request Body Hash

http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html

Authentication Best Practices - Google Apps Marketplace - Google Code

https://developers.google.com/google-apps/marketplace/best_practices Security considerations with 2-legged OAuth: 2-Legged OAuth for installed applications is a power feature that eases integration and enhances the user experience. To quote FDR (or Spiderman, take your pick), power must be linked with responsibility — the ability to impersonate users must not be abused by either the application or its users.

Validating Signed Requests - OpenSocial Documentation - OpenSocial Wiki

This article describes how to validate a signed request. If you're unsure of what a signed request is or why you would want to use one, please check out the OSD:Introduction To Signed Requests page.... http://docs.opensocial.org/display/OSD/Validating+Signed+Requests
Authentication and authorization for Google APIs allow third-party applications to get limited access to a user's Google accounts for certain types of activities. This document explains the available auth mechanisms and describes what each one provides for your application. OAuth 2.0 is a new, simplified authorization protocol for all Google APIs. OAuth 2.0 relies on SSL for security instead of requiring your application to do cryptographic signing directly. https://developers.google.com/accounts/docs/GettingStarted

Choosing an Auth Mechanism - Authentication and Authorization for Google APIs - Google Code

Beginner’s Guide to OAuth – Part IV: Signing Requests « hueniverse

This post contains obsolete or incorrect information. For a more recent update, please visit The OAuth 1.0 Guide. Time to put the previously discussed concepts into action. http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
A good practice when you build a Gmail contextual Gadget that communicates with a backend is to secure this communication. Within a Gmail contextual Gadget you can do that using the OpenSocial library to sign the requests. We explain how in this post. http://blog.simplecode.fr/2011/01/Set-up-a-secure-communication-between-a-Gmail-contextual-Gadget-and-a-Google-App-engine-backend

Set up a secure communication between a Gmail contextual Gadget and a Google App engine backend - the Simple Code's blog

Lesson 10: Interact with your own Backend - VZ Developer Wiki

This tutorial shows how you can call your own backend from a gadget, how you can verify the call's signature, and how you can call the OpenSocial REST API from your backend. Making a call from your gadget: In your gadget you can use the gadgets.io.makeRequest method to call an external URL.

Working with Remote Content - Gadgets API - Google Code

This document describes how to fetch and manipulate remote textual (typically HTML), XML, and JSON data using the makeRequest() function. The makeRequest() function is just one technique for fetching remote data. For an overview of the different approaches you can use, see the Remote Data Requests Developers Guide. Refreshing the Cache For an overview of the different approaches you can use to fetch remote data, see the Remote Data Requests Developers Guide.
Important: OAuth 1.0 has been officially deprecated as of April 20, 2012. It will continue to work as per our deprecation policy, but we encourage you to migrate to OAuth 2.0 as soon as possible. This document describes Google's implementation of the OAuth open standard for authorization, and explains how to implement OAuth in your application. For more information on OAuth, see the OAuth.net documentation. You should already be familiar with the principles behind OAuth, and be aware of any service-specific authorization issues for the API you are using. You should also have read the appropriate background documentation for the type of application you are writing:

OAuth 1.0 API Reference - Authentication and Authorization for Google APIs - Google Code

Authorization services let users provide your application with access to the data they have stored in Google applications. Google takes privacy seriously, and any application that requires access to a user's data must be authorized by the user. Authentication and authorization services are often referred to collectively as auth. Authentication and authorization for Google APIs allow third-party applications to get limited access to a user's Google accounts for certain types of activities. This document introduces the available auth mechanisms and describes what each one provides for your application. OAuth 2.0 is a new, simplified authorization protocol for all Google APIs.

Authentication and Authorization in the Google Data Protocol - Google Data Protocol - Google Code

DJ’s Weblog » Blog Archive » Getting started with Gmail Contextual Gadgets

Gmail contextual gadgets were announced by Google a few months back and were made available to developers in May this year, just before making a strong appearance at Google IO. Expanding upon the concept of an earlier contextual project called Dashboard, Gmail contextual gadgets give a clear message that email, as a universal information carrier and workflow pipeline, is not only here to stay, but is being given a new lease of life as it plays a foundational role in Google’s enterprise scale application platform strategy. A Gmail contextual gadget enhances email messages by providing information or functionality that is relevant to the context of that email … right inside the email itself. Context is exposed by content extractors in the form of ‘clues’ in Gmail (akin to Dashboard’s ‘cluepackets’) and matched content is provided to the gadget at runtime.