Welcome Developers!

Welcome!

MySpace Developer Platform » Deprecated » Flash Apps » Is opensocial_token passed to flash inline secure?

Is opensocial_token passed to flash inline secure?

Last post 01-12-2009 8:22 PM by Jim. 1 replies.

Page 1 of 1 (2 items)
	Sort Posts: Previous Next

01-11-2009 7:46 PM

Jim
Joined on 01-01-2009
Posts 2

Is opensocial_token passed to flash inline secure?

Reply Contact

I'm currently developing an application that communicates to a backend server to retrieve data based on the current owner userid. I can easily retrieve this in Flex, but can I trust that the opensocial_token passed to flash that I then initialize my MySpaceContainer with is authentic? If not how can I do so?

Second, when Flex reaches out to the third party server to retrieve data passing the userid...is there any secure way I can authenticate my Flex app with the service without hard-coding secrets in the flash file. Is there anything between OpenSocial and MySpaceId that can fulfill this need securely?...prompting for any credentials is not possible.

Thanks.

Filed under: REST API Flex Application, Flash, REST API swf, Container

01-12-2009 8:22 PM In reply to

Jim
Joined on 01-01-2009
Posts 2

Re: Is opensocial_token passed to flash inline secure?

Reply Contact

So I possibly found some of my solution, though it is still not fully working...if I use the gadget.io.makeRequest and pass the parameter param[opensocial.ContentRequestParameters.AUTHORIZATION] = opensocial.ContentRequestParameters.AuthorizationType.SIGNED; from what I can tell I should get a signed hash of the packet using my secret oath key. I then should be able to hash on my side and compare the hashes right?

Does anyone have an example of this working? From flash caller?

Thanks!

Jim

Filed under: flex actionscript oauth makerequest, flex makeRequest Myspace working sample, makeRequest flex crossdomain.xml

Page 1 of 1 (2 items)