I'm currently developing an application that communicates to a backend server to retrieve data based on the current owner userid.  I can easily retrieve this in Flex, but can I trust that the opensocial_token passed to flash that I then initialize my MySpaceContainer with is authentic?  If not how can I do so?

Second, when Flex reaches out to the third party server to retrieve data passing the userid...is there any secure way I can authenticate my Flex app with the service without hard-coding secrets in the flash file.  Is there anything between OpenSocial and MySpaceId that can fulfill this need securely?...prompting for any credentials is not possible.

Thanks.

 So I possibly found some of my solution, though it is still not fully working...if I use the gadget.io.makeRequest and pass the parameter param[opensocial.ContentRequestParameters.AUTHORIZATION] = opensocial.ContentRequestParameters.AuthorizationType.SIGNED; from what I can tell I should get a signed hash of the packet using my secret oath key.  I then should be able to hash on my side and compare the hashes right?  

Does anyone have an example of this working?  From flash caller?

Thanks!

Jim