Hi,

the last days i was working on a API for project. for that, i was needed to set a OAuth system. all went perfect but i have a problem when i wanted to use the API in a AJAX app.

as you already know, AJAX it’s a technique where you use javascript to request info to a page and show it to the user. as you also know, javascript it’s executed in the user machine, and for OAuth it’s a problem :s

no matter what how it’s implemented the OAuth system in the API that you need to use, you need always to send the $consumer_key and the $consumer_secret encrypted in the signature, also depending of the type of request, also need to send the $token and $token_secret, for that, you can’t include in any javascript way (or in a swf) any of this vars why compromise the security of the consumer, why any with this data can access to the protected resources as you.

for that, the solution it’s to create a bridge between your AJAX/FLASH app and the API/OAuth server.

the process it’s simple, create a php with a code like this:

<?php

//check if the one who are making the call to the bridge it’s trusted

//for that you can use a filter ip, an authenticated session or any method that fits your needs

$consumer_key=”lalala”;

if($trusted){

//making the request

$result=$OAuth->request($url_of_the_server.$_GET['service'],

$consumer_key,$consumer_secret,$_SESSION['token'],$_SESSION['token_secret']);

echo $result;

}

?>

of course the code can be diferent depending of your client library and stuff, but basically that are the steps to make the bridge:

1)check that the one who call the bridge it’s trusted or ahiterized, checking a sesssion var or anything what you have

2)make the request using the $service var that define the service to call to the service

3)print the result of the call and it’s done

i hope this give you some help at the time to use OAuth and REST with ajax and flash

Regards,

Shadow.

Hi,

has been a long time, but i was busy sorry

i have finished (in 1 day) my new site, this site it’s a tool and let you receive the updates of your favorites twitters and fotologs (only valid for argentina, i want to support more countrys, you can help me to do it if you want )

please visit it at http://www.pixdir.info

i hope you enjoy and if you can spread the voice

Regards,

Shadow.