OpenID + OAuth “hybrid” - MySpaceID Python SDK - Google Code

peruvianwageslaveInternet and Web Development

Feb 5, 2013 (4 years and 4 months ago)

214 views



Chak Nanga (Architect)



Building Apps With MySpace SDKs

Introduction


SDKs support "on
-
site" and "off
-
site" app development



"On
-
Site"/
OpenSocial

Applications (Canvas View)


OpenSocial

app’s canvas view hosted on your server


Written using a language/framework of your choice


App logic hosted on your servers and displayed on MySpace in an
IFrame




"Off
-
Site”/
MySpaceID

Applications


Apps/Services that leverage MySpace social data outside MySpace


Written in a language/framework of your choice


Apps hosted on your servers


MySpace SDKs Overview


MySpace REST APIs are at the core of the SDKs


SDKs provide a high level interface to the REST APIs


High level APIs to get social data from MySpace (friends, profile etc.)


Abstracts away the protocol details (
OAuth

signing)


Available in multiple languages


C#, Java, PHP, Python, Ruby


Consistent interface across all the languages


Open
-
sourced and hosted on
google

code


Contributors are welcome!

SDK Contents


Core API library and dependent libraries (
Oauth
,
OpenID

etc)


Samples for supported usage scenarios


OAuth

Delegated Access (“3
-
Legged”
Oauth
)


OpenID

+
OAuth

Hybrid


Documentation

Building an “on
-
site” application


Choose the "External
IFrame
" radio button in the Canvas
Surface tab


Enter the
IFrame

URL in the text box


Building an “on
-
site” application


Canvas view rendered in an
IFrame


Iframe


src
” set to
IFrame

URL (signed request from
MySpace)


Verify signatures when request hits your servers


Extract user id from the request


Utilize the user id in the SDK calls


On
-
Site App Demo / Code

Building a
MySpaceID

application


OAuth

Delegated Access Demo


Application steps


Get request token


Redirect to authorization page (on MySpace)


User approves application request


MySpace redirects to the supplied callback URL


Get access token


Access social data using the SDK


OAuth

Delegated Access Code


Get Request Token + Redirect to Service Provider



OAuth

Delegated Access Code


Get Access Token (in the Service Provider callback)




OAuth

Delegated Access Code


Access protected resources




OpenID

+
OAuth

“hybrid” Demo


MySpace is a “Combined Provider” (
OpenID

Provider +
OAuth

Service Provider)


OpenID

OAuth

extension (“hybrid”)


Combines authentication and authorization screen for two protocols


Better user experience


Application steps


Use
OpenID

library to initiate authentication


Embed
OAuth

approval request into
OpenID

authentication request


Combined Provider returns approved request token


Combined
Cosumer

exchanges the request token for access token


Access social data using the SDK


OpenID

+
OAuth

“hybrid” Code


Embed
OAuth

approval request



OpenID

+
OAuth

“hybrid” Code


Exchange approved request token for access token


Access user data



Thank You!


Additional Information


http://developer.myspace.com/myspaceid/