Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction...
Transcript of Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction...
![Page 1: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/1.jpg)
Creating Server-Side and Mobile Mashups with OpenSocial's JavaTM Client Libraries
Chris SchalkRyan BoydGoogleJavaOne 2009
![Page 2: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/2.jpg)
2
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 3: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/3.jpg)
3
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 4: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/4.jpg)
What is OpenSocial?
“OpenSocial defines a common set of APIs based on Open Standards for building social applications across multiple websites”
![Page 5: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/5.jpg)
What is OpenSocial?
Before OpenSocial…
![Page 6: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/6.jpg)
What is OpenSocial?
Standards Based!
![Page 7: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/7.jpg)
What is OpenSocial?
Learn once… Write anywhere
![Page 8: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/8.jpg)
Who owns OpenSocial?
OpenSocial is managed under the auspices of the “OpenSocial Foundation” - http://www.opensocial.org
No!?
![Page 9: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/9.jpg)
Who’s Using it?
And many more…
![Page 10: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/10.jpg)
OpenSocial now has over 800 Million users
![Page 11: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/11.jpg)
Demonstration> A simple OpenSocial gadget demonstration
![Page 12: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/12.jpg)
12
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 13: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/13.jpg)
The Evolution of the OpenSocial REST Specification
> Before v. 0.8, the only OpenSocial API was a JavaScript API Only worked within gadgets
> Initial OpenSocial API did not have a REST Specification. No server-to-server communication No options for Desktop or Mobile integration
![Page 14: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/14.jpg)
Lack of REST support meant no server-side integration> Through OpenSocial’s open specification process,
the community responded and created the OpenSocial REST specification
![Page 15: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/15.jpg)
OpenSocial REST support rolls out
> Version 0.8 Server responded to REST requests in either XML
or JSON AtomPub operations supported
> Version 0.8.1 RESTful and RPC protocols established
RPC protocol responds to HTTP POSTs and allows for batching of requests
![Page 16: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/16.jpg)
16
OpenSocial REST Support
Opens new development models
• Server-to-server communication• Multiple client types
• Server based UIs (JSP/JSF)• Mobile devices
![Page 17: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/17.jpg)
17
RESTful Protocol• Resources are URLs.
/people/{guid}/@all
• All people connected to the given user:Example - People:
/people/{guid}/@friends
• All friends of the given user:
/people/{guid}/@self
• Profile of the given user:
/people/@me/@self
• Profile of the authenticated user:
/people/@supportedFields
• Supported Person fields:
![Page 18: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/18.jpg)
18
• Request extra fields
• Filtering:
• Paging:
fields={-join|,|field}.
filterBy={fieldname} filterOp={operation}filterValue={value}updatedSince={xsdDateTime}networkDistance={networkDistance}
count={count} sortBy={fieldname} sortOrder={order} startIndex={startIndex}
format={format}
RPC Protocol• Http POST instead of GET
![Page 19: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/19.jpg)
Demonstration> Experimenting with the the RESTful protocol with
local Apache Shindig and a browser
![Page 20: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/20.jpg)
20
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 21: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/21.jpg)
OpenSocial Client Libraries
21
A set of client libraries for that enable direct communication to an OpenSocial server.
• Client libraries exist for PHP, Ruby, Python and Java • Supports both REST and RPC protocols• Documentation Wiki pages• Sample applications provided
![Page 22: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/22.jpg)
OpenSocial Client Libraries
22
http://code.google.com/p/opensocial-php-client http://code.google.com/p/opensocial-ruby-clienthttp://code.google.com/p/opensocial-python-clienthttp://code.google.com/p/opensocial-java-client
Hosted on Google code projects
![Page 23: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/23.jpg)
Demonstration> Getting familiar with the OpenSocial Java client
library
![Page 24: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/24.jpg)
24
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 25: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/25.jpg)
What about security?> OAuth to the rescue!
> “An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications” - Oauth.net
> The OpenSocial Client Libraries offer built-in support for OAuth
![Page 26: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/26.jpg)
The OAuth Authentication Process Also known as “3-legged OAuth”
WebDesktopMobile
Application
OAuth Provider
SecuredResource
1. HTTP Request for unauthorized token
2. Response with with unauthorized token
3. Authorization Request for request token
7. HTTP Request for access token
9. Request for secured resource with access token
6. Redirect with with authorized token
8. Response with with access token
4. Redirect forAccess consent
5. User choice accept/deny access
10. Response with requested data
Access ConsentPage
![Page 27: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/27.jpg)
2-legged vs. 3-legged OAuth> A “2-legged” OAuth transaction is actually a simplified version of a
typical OAuth transaction which is referred to as the 3-legged OAuth “dance”. The 2-legged process is simpler because it doesn’t force the end
user through an access consent page. Is optimal for server-to-server communication which can be outside
of the context of a user.> For a secured transaction with a user context, 3-legged OAuth would
typically be employed. A mobile or desktop application would typically use 3-legged OAuth.
> The OpenSocial client libraries support both authorization types. Not all OpenSocial containers support both authorization types
however.
![Page 28: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/28.jpg)
28
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - OAuth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 29: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/29.jpg)
29
Fetching Data from an OpenSocial container Using “2-legged OAuth” OpenSocialClient c = new OpenSocialClient(OpenSocialProvider.valueOf("ORKUT_SANDBOX"));
c.setProperty(OpenSocialClient.Property.CONSUMER_SECRET, "uynAeXiWTisflWX99KU1D2q5"); c.setProperty(OpenSocialClient.Property.CONSUMER_KEY, "orkut.com:623061448914"); c.setProperty(OpenSocialClient.Property.VIEWER_ID, "03067092798963641994");
try { // Retrieve the friends of the specified user using the OpenSocialClient Collection<OpenSocialPerson> friends = c.fetchFriends("03067092798963641994"); for (OpenSocialPerson friend : friends) { System.out.println("- " + friend.getDisplayName()); } } catch (org.opensocial.client.OpenSocialRequestException e) { System.out.println("OpenSocialRequestException thrown: " + e.getMessage()); e.printStackTrace(); }
![Page 30: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/30.jpg)
Demonstration> A 2-legged OAuth transaction using the Java
client library. Requesting profile information and friends list from
orkut.com
![Page 31: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/31.jpg)
Demonstration> A 3-legged OAuth transaction example.
Doing the “dance” with MySpace.com Using JSPs to show passing user to authorization
page
![Page 32: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/32.jpg)
32
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - Oauth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 33: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/33.jpg)
Building Server-Side Mashups with the OpenSocial client libraries> Any server-side Java Web application can easily
integrate with an OpenSocial server
> An example: A aviation themed website with social features
enabled via the client libraries App uses Java App Engine Connects to Google Friend Connect which is an
OpenSocial container that supports 2-legged OAuth.
![Page 34: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/34.jpg)
Demonstration> Examining the “Plane Crazy” demo site.
![Page 35: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/35.jpg)
35
Agenda
> OpenSocial Background/Overview> OpenSocial REST support> Introducing the REST client libraries> OpenSocial Security - Oauth> Using the OpenSocial Java client library> Building Server-Side Mashups> Building Mobile Mashups> Summary
![Page 36: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/36.jpg)
Building Mobile Mashups with the OpenSocial client libraries> Any native mobile phone applications that can
support OAuth and the REST protocol can communicate with an OpenSocial container
> For Java, this is easy. The OpenSocial Java client library comes with a
ready-to-run Android sample application which demonstrates extracting contact info from Plaxo using 3-legged OAuth.
![Page 37: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/37.jpg)
Demonstration> A simple 3-legged OAuth demonstration from a
mobile phone. Accessing Plaxo contacts info from an Android
phone.
REST
![Page 38: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/38.jpg)
Building Mobile Mashups a more advanced Mobile example> How an existing mobile game was made social
with OpenSocial and the REST client libraries
w
+
![Page 39: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/39.jpg)
Demonstration> The Social divide and conquer game!
![Page 40: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/40.jpg)
Summary> OpenSocial supports innovative server-side
and mobile integrations via its support of RESTful and RPC protocols
> The OpenSocial Java client libraries take all the heavy lifting out of communicating via these protocols.
> Any mobile, desktop or server-side Java developer can easily integrate OpenSocial and social features into their applications!
![Page 41: Chris Schalk Ryan Boyd - Oracle · 2-legged vs. 3-legged OAuth > A “2-legged” OAuth transaction is actually a simplified version of a typical OAuth transaction which is referred](https://reader034.fdocuments.us/reader034/viewer/2022042401/5f104cfb7e708231d4486de3/html5/thumbnails/41.jpg)
41
Chris SchalkRyan Boyd
Google Developer AdvocatesJavaOne 2009