Gmail Contextual Gadgets and OpenID Authentication steps
I'm trying to understand the correct sequence of steps followed by Gmail when loading and authenticating a contextual gadget. One of the reasons (there are others) is that I want to know whether I can make the gadget manifest behind an OpenID authentication so that only authenticated users will be able to pull the gadget into Gmail.
I haven't seen any documentation on this anywhere. Here's how I think it works... (where mysite.com is an openID relying party).
- User: clicks on a mail in Gmail inbox
- Gmail: Load email. Retrieve gadget manifest from mysite.com/gadgets/gadget.xml
- MySite: You need to be authenticated to access gadgets/gadget.xml
- Gmail: Here's the user's OpenID
- MySite: Here's gadgets/gadget.xml
- Gmail: "paints" the gadget contents on the context area of the email
Please correct me if this is wrong
Well, I think the answer to my question is here: http://code.google.com/googleapps/marketplace/best_practices.html#gadget_sso
According to this, there's no implicit OpenID authentication. It's your responsibility to make it happen by using osapi.http.get.
I believe this is how it works:
- Admin installs your app; at that point you can use SSO to get the admin's OpenID
- if you want to use 2-legged OAuth to get, say, all of the users on the domain, you can do that too (although I have not gotten that to work yet)
- When a user in that domain loads your gadget you can use osapi.http.get, which will append the open_social_id to the request to your server.
- now you have the opensocialid, you can check if you have a user in your system with that open_social_id; if not, then you can go through the same OpenId auth process you did in step 1 for the admin, but this time you relate the Open Social Id with the OpenId you receive in the auth process
- now any time that user loads your gadget you can look up their open social id and determine that they have already been authorized.