Subject: Gadget-specific SecurityToken for OSAPI?
From: Peter Rothenpieler (roth@itm.uni-luebeck.de)
Date: Dec 7, 2010 12:49:45 am
List: org.apache.shindig.users

Hi people of shindig,

I am using OSAPI over JSON-RPC to load and store the Gadget UserPreferences as ApplicationData. On my demo-page, I have multiple gadgets being displayed at the same time (in iframes). Sadly, I have to "manually" update the securityToken for each call, since only one "global" SecurityToken is stored in the shindig.auth classes. This, of course, not only affects my UserPreferenceStore but also every OSAPI-Call which the gadget developers would make - they would all have to manually update the key by first calling "shindig.auth.updateSecurityToken(gadget.secureToken)".

The problem is in "features/osapi/jsonrpctransport.js" where the osapi call is secured using the securityToken, which is obtained by calling "shindig.auth.getSecurityToken();"

    function execute(requests, callback) {
      [...]
      var token = shindig.auth.getSecurityToken();
      if (token) {
        url += "?st=";
        url += encodeURIComponent(token);
      }
      [...]

My AppDataCall looks like this:

    shindig.AppDataBasedUserPrefStore.prototype.savePrefs = function(gadget) {
      shindig.auth.updateSecurityToken(gadget.secureToken);
      osapi.appdata.update({
        appId: "UP_" + gadget.id,
        userId: "@me",
        groupId: "@self",
        data: getUserPrefs()
      }).execute(savePrefsResponseHandler);
    };

Is there a better way to handle the SecurityToken when making OSAPI-Calls? Since gadget.secureToken is properly initialized - wouldn't it make sense to use this Token instead of the "shindig.auth" call?

-Peter
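
Added example, not part of the original message and not Shindig code: a self-contained model of the one-global-token pattern described above next to a per-gadget token captured when the request is created. The names createGlobalAuth, buildRpcUrl, queueWithGlobalToken, queueWithGadgetToken and mismatches, the "/rpc" endpoint, the token strings and the deferred send are all assumptions made for the illustration.

```javascript
// Stand-in for the single page-wide token slot described in the post
// (a model for illustration, not Shindig's shindig.auth implementation).
function createGlobalAuth() {
  let token = null;
  return {
    updateSecurityToken(t) { token = t; },
    getSecurityToken() { return token; },
  };
}

// Builds the RPC URL the way the quoted execute() excerpt does: ?st=<token>.
function buildRpcUrl(base, token) {
  return token ? base + "?st=" + encodeURIComponent(token) : base;
}

// Pattern A: each caller overwrites the global token; the send reads it later.
function queueWithGlobalToken(auth, queue, gadget, base) {
  auth.updateSecurityToken(gadget.secureToken);
  queue.push(() => ({ gadgetId: gadget.id, url: buildRpcUrl(base, auth.getSecurityToken()) }));
}

// Pattern B: the token is captured per gadget when the request is created.
function queueWithGadgetToken(queue, gadget, base) {
  const token = gadget.secureToken;
  queue.push(() => ({ gadgetId: gadget.id, url: buildRpcUrl(base, token) }));
}

// Runs the queued sends; returns ids of gadgets whose request carried another token.
function mismatches(queue, gadgets) {
  const expected = new Map(gadgets.map(g => [g.id, encodeURIComponent(g.secureToken)]));
  return queue.map(send => send())
    .filter(r => r.url.split("?st=")[1] !== expected.get(r.gadgetId))
    .map(r => r.gadgetId);
}

// Constructed sample gadgets and endpoint (hypothetical values).
const gadgets = [
  { id: 1, secureToken: "tok:gadget-1/constructed" },
  { id: 2, secureToken: "tok:gadget-2/constructed" },
];
const BASE = "/rpc";

function demo() {
  const auth = createGlobalAuth(), qa = [], qb = [];
  gadgets.forEach(g => queueWithGlobalToken(auth, qa, g, BASE));
  gadgets.forEach(g => queueWithGadgetToken(qb, g, BASE));
  return { global: mismatches(qa, gadgets), perGadget: mismatches(qb, gadgets) };
}
console.log(demo());
```

In the model, gadget 1's request goes out carrying gadget 2's token whenever the send happens after another gadget has updated the shared slot, while the captured-token variant keeps each request tied to its own gadget.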