I'm very new to the MySpace/OpenSocial application development scene and I have some basic questions about External Application Authentication. 

First of all, I'm creating a Ruby on Rails application that needs to access MySpace user profiles and friends.  I successfully did this for Facebook (using the Facebooker plugin) and was hoping to implement something similar with MySpace.  The MySpace MDP test area has a nice five-step example showing how this works, but it seems to lack details on how to do it.

http://developer.myspace.com/Modules/APIs/Pages/AccessDelegationTool.aspx

What I would like to do is to implement all five steps in my Ruby application.  For example, how do I actually implement a process to get a request token (step 1) .  Then in step two, I need to authenticate the user.  In the MySpace test page, I get redirected to a page that asks me to authorize the 3rd party application to access my MySpace data.  How can I replicate this in my Ruby application?  Once I get this far, I should be able to get the access token and then be able to use the RESTful API at will.

I implemented the Spacer Ruby client (http://developer.myspace.com/Community/forums/p/240/831.aspx#831) and I think it's close, but it continually fails requests because it doesn't allow my application to prompt users to add the application if it's not added.

Can anyone help me?

This should explain what you need.

http://developer.myspace.com/Community/forums/t/1832.aspx

 

Russ - Great post and thanks for responding to me so quickly.  I do have some question about your post. I suspect that I'm missing some core concept here because you are explained everything with very good detail.

My questions are in reference to the "Install Callback URL" section of your post.
1. How do I programmatically "hit the myspace system when a user wants to install my application"?  How does this process start?
2. I think this is related to my first question, but can you explain with an example by what you mean here: "do your first call back to the myspace servers to get the users name"?  What does that URL to the myspace server look like to get the user name?

My problem (I think) is understanding how to initiate contact with myspace so I can retrieve the opensocial_owner_id so I can make future requests.  Also, before I can make a query for a users friends that user must have my application installed.  What is the program flow that I need to redirect the user to a myspace pages asking them to install my application?

Peter:

1. How do I programmatically "hit the myspace system when a user wants to install my application"?  How does this process start?

When a user wants to install your app they click the install button on the apps profile page. That causes the myspace system to send a request to your install page on your server and passes along the info I describe in the post.  You do what you want with that info at that point.  What we do is an API request to get the users name and then we create a db record for that user.  After the install request is complete, myspace redirects the users browser to your application external iframe URL.

Peter:

2. I think this is related to my first question, but can you explain with an example by what you mean here: "do your first call back to the myspace servers to get the users name"?  What does that URL to the myspace server look like to get the user name?

Its exactly what i had in the other post. Its a GET request like this for a user profile.

http://api.myspace.com/v1/user/#####?oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F354364031&oauth_nonce=633421365057774247&oauth_signature=GASxMIk34F62SsLY4j6N8oMNrLA%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=120653

That returns an XML document that you can then parse out to get the users name or other info that myspace provides to the application.  You can only do the above programmatically (ie: can't just paste in the browser to see what you get) since you have to generate the signature based on the data being sent which changes on each request because the nonce and timestamp values change.  You can use the myspace oauth test tool to see what you get back though.

Peter:

My problem (I think) is understanding how to initiate contact with myspace so I can retrieve the opensocial_owner_id so I can make future requests.  Also, before I can make a query for a users friends that user must have my application installed.  What is the program flow that I need to redirect the user to a myspace pages asking them to install my application?

If you want to have a user install the app they must visit the apps profile page to then click the Install Application button so you can give people a URL like this

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=364547168 

(replace the id at the end with your applications user id)

 

Thanks again Russ for your help.  I think I'm almost there. 

Russ Cobbe:

When a user wants to install your app they click the install button on the apps profile page. ...

I undestand that.  My issue is more the process by which users add the MySpace application.  What's different about my situation is that users will start out in my external web application that will attempt to query a MySpace user profile IF they have the MySpace application installed/added. Once they add the MySpace application, users are redirected back to my external application.

Progress
I was able to install my application (not yet published) by using the OAuth Consumer Key for my application.  This takes me to the MySpace application front page where I can "Add this App".  After I hit the install button, the external application gets called just exactly as I specified it in the MySpace application settings:

  Install Callback Url: http://127.0.0.1:3003/myspace/ms_install
  Uninstall Callback Url: http://127.0.0.1:3003/myspace/ms_uninstall

What was unexpected (and undesired) was that after my hitting my install and uninstall processes in my application, the user was redirected back to their MySpace homepage.

How My External Application Functions
This is how I would like to use my MySpace application:

1. My external web app wants to access and display a user's MySpace profile information
2. When my app needs this information, it checks if the user has a valid MySpace session and that the MySpace app is installed
3. If the application is *not* installed, the user would get directed to a simple "Request to add/access data" page just like you see in the MDP Test --> External Application Authentication --> Step 3 (Authenticate User).  Go here to see what I'm talking about: http://developer.myspace.com/modules/apis/pages/accessdelegationtool.aspx
   
4. After the user adds the MySpace app, they are redirected back to my external app where I can start making profile queries

Questions
To authenticate the user, the MDP test calls http://api.myspace.com/authorize?oauth_callback=http://xxx&oauth_token=yyyy (from the MDP External Application Authentication test mentioned above).  Maybe my question boils down to this: how do i get an "unauthorized request token" which is "oauth_token" in the URL?  Ultimately, I think I need to reproduce what that MDP test does.

Peter:

I undestand that.  My issue is more the process by which users add the MySpace application.  What's different about my situation is that users will start out in my external web application that will attempt to query a MySpace user profile IF they have the MySpace application installed/added. Once they add the MySpace application, users are redirected back to my external application.

So want you need to do is get the session info for the user and store that to use when they come back to your external

application.  The /session API call will do that for you. 

 

Peter:

I was able to install my application (not yet published) by using the OAuth Consumer Key for my application.  This takes me to the MySpace application front page where I can "Add this App".  After I hit the install button, the external application gets called just exactly as I specified it in the MySpace application settings:

  Install Callback Url: http://127.0.0.1:3003/myspace/ms_install
  Uninstall Callback Url: http://127.0.0.1:3003/myspace/ms_uninstall

I assume you just put localhost info there for example instead of the real info. 

Peter:

What was unexpected (and undesired) was that after my hitting my install and uninstall processes in my application, the user was redirected back to their MySpace homepage.

 

They get redirected back to the URL specified as your external iframe URL so if that is not specified in your app they probably go to their myspace homepage.  So just set that and it should load up your application in a frame within myspace. 

Peter:

My external web app wants to access and display a user's MySpace profile information

1. When my app needs this information, it checks if the user has a valid MySpace session and that the MySpace app is installed
2. If the application is *not* installed, the user would get directed to a simple "Request to add/access data" page just like you see in the MDP Test --> External Application Authentication --> Step 3 (Authenticate User).  Go here to see what I'm talking about: http://developer.myspace.com/modules/apis/pages/accessdelegationtool.aspx
   
3. After the user adds the MySpace app, they are redirected back to my external app where I can start making profile queries

Questions
To authenticate the user, the MDP test calls http://api.myspace.com/authorize?oauth_callback=http://xxx&oauth_token=yyyy (from the MDP External Application Authentication test mentioned above).  Maybe my question boils down to this: how do i get an "unauthorized request token" which is "oauth_token" in the URL?  Ultimately, I think I need to reproduce what that MDP test does.

 Use the session API call to do this if I understand what you are trying to do. 

Russ Cobbe:

The /session API call will do that for you.

What is the address for the API?  I only know of the REST API (http://developer.myspace.com/community/RestfulAPIs/resources.aspx).

Russ Cobbe:

I assume you just put localhost info there for example instead of the real info.

For development, the localhost reference works fine so this was real info.  When we go to production, we will use an internet-accessible address.

Russ Cobbe:

They get redirected back to the URL specified as your external iframe URL so if that is not specified in your app they probably go to their myspace homepage.  So just set that and it should load up your application in a frame within myspace.

I have the iframe URL set to: http://127.0.0.1:3003/myspace/ms_install.  When I install my MySpace application, I land here: http://profile.myspace.com/Modules/Applications/Pages/Canvas.aspx?appId=108329&newinstall=1.  This is a MySpace page with content provided by my external application.  I don't want to land in an MySpace IFrame at this point. Is this avoidable?

I think I'm developing an atypical MySpace application.  My external application (EA) wants to give users the ability to access their MySpace account information.  The only way I know how to do this is to

1. create a MySpace application (MA),
2. have users install it and give permission for my EA to access their account, and
3. have the EA access the account information via the MA using the REST API.  

I would like to do all of this (except for account login and MA install) completely within my EA.  I want users to start in my EA then be asked to install the MA and then return immediately to my EA as opposed to getting stuck in the MA on the MySpace site.

If users are on a page in my EA and they already have installed MA and have a valid session, they should have to go to a MySpace page.

Thanks again for your time Russ.

Any luck with this yet, Peter?  If you've figured out how to interface with the session API through REST then that'd be very useful info to me.

Also, once you've established an authenticated session, can you get "full" details on a users friends through the profile or user REST API? Thanks and let me know!

 Hi,

I would also be very interesting on this subject

Thanks 

Victor 

 Amyone still looking for a solution? if someone still needs i found one just send a contact.

 

THX

Hi,

 can u pls send me the info ?

 releng [at] palgloo [dot] com

 thanks