MySpace Developer Platform

A Place For Developers

Welcome Developers!

in

Welcome!

in
MySpace Developer Platform » OpenSocial » Flash Apps » Verifying your SWF is running from MySpace (vs. Facebook method) and some Facebook porting Qs.

Verifying your SWF is running from MySpace (vs. Facebook method) and some Facebook porting Qs.

Last post 05-02-2008 12:05 AM by Dave. 1 replies.
Page 1 of 1 (2 items)
Sort Posts: Previous Next

  • 05-01-2008 4:51 PM

    • FLARB
    • Not Ranked
    • Joined on 05-01-2008
    • Posts 1

    Verifying your SWF is running from MySpace (vs. Facebook method) and some Facebook porting Qs.

    Reply Contact

    So we've got this Flash game which works on the open web plus facebook.  I've just started to poke around OpenSocial and MySpace and don't see too much info on using Flash with MySpace's platform.

     I'd like to avoid using the AS3 library for MySpace since I'm trying to keep the actual game client platform agnostic.  In the case of our Facebook version it uses PHP to interact with Facebook and the FlashVars Facebook passes to all Flash apps to identify the user and verify the application is being launched from Facebook. 

     Facebook gives you a MD5 encrypted version of the arguments you can compare against your own MD5 hash using your private encryption key to see if the launching session is legit.  Not perfect, but kind of ok.

    Is there any way with OpenSocial/MySpace to actually verify whether the SWF is being run from a legit MySpace session?  In the Facebook case, we use the Facebook UID to log the user in, but require no password because we're assuming the user can only run the app from a legit Facebook session.  I'd like to do the same thing here.

    (Also--I'm assuming I need to use some kind of REST API to get the myspace user ID of the player since it's not passed as an argument in Flashvars??)

     

  • 05-02-2008 12:05 AM In reply to

    • Dave
    • Top 25 Contributor
    • Joined on 02-04-2008
    • Posts 132

    Re: Verifying your SWF is running from MySpace (vs. Facebook method) and some Facebook porting Qs.

    Reply Contact

    Hi FLARB, you can do something similar to fb sig verification with myspace.  Eddie has done some work on making calls without the AS3 library, so try searching the forum.  Or you could use the AS3 lib to try a few calls out and look at the request params, and then duplicate that on your own.

    But, anyway, what you do is the js equivalent of a *signed* makeRequest.  This passes the opensocial tokens to myspace's proxy, along with your request params.  Then the proxy generates an oauth signature and calls your server.  You can then validate the call is coming from myspace's servers by generating a signature for the request, using your private key + the oauth params, and comparing your oauth sig, with the one passed from myspace.

    In terms of getting the VIEWER and OWNER user id, you can use the REST api, or token based js calls.  Again, try searching the forum - I'm pretty sure Eddie has posted code on how to do it, if you don't want to use the as3 lib.
Page 1 of 1 (2 items)

About | FAQ | Terms | Privacy | Safety Tips | Contact MySpace | Advertise | MySpace International | MySpace Latino
©2003-2008 MySpace.com. All Rights Reserved.