I'm currently developing an application that communicates to a backend server to retrieve data based on the current owner userid. I can easily retrieve this in Flex, but can I trust that the opensocial_token passed to flash that I then initialize my MySpaceContainer with is authentic? If not how can I do so?
Second, when Flex reaches out to the third party server to retrieve data passing the userid...is there any secure way I can authenticate my Flex app with the service without hard-coding secrets in the flash file. Is there anything between OpenSocial and MySpaceId that can fulfill this need securely?...prompting for any credentials is not possible.