« Latest Links: Sunday... | Main | Joining IBM »

OAuth everywhere!

For my ApacheCon EU talk, which is now just a couple of weeks away, I'm going to talk about Shindig for Blogs and Wikis. I promised to show social features and OpenSocial Gadgets running inside Apache Roller and Apache JSPWiki (incubating). This post explains, at a very high level, how I got a Roller Gadget working, one that uses OAuth to call Roller and enables Roller to use OAuth to call back to the social network. It assumes you have a basic understanding of OpenSocial and OAuth.

Use case: posting Activities from Roller #

Specifically, what I want to show is a "Social Roller" Gadget that you can install into your Profile Page and that will post an Activity every time that you post a new blog entry in Roller.

Sounds simple, but I didn't realize just how much work it would take. To do it the right way, I needed OAuth everywhere! I needed OAuth Consumer and Provider support in both my Shindig-powered Social Network Server, that's SocialSite, and in my Blog Server, which of course is Roller. Unfortunately, when the layoff axe fell at Sun the SocialSite team had not finished OAuth support and Roller didn't have any OAuth support at all. Good thing is, SocialSite and Roller are open source and I had nothing better to do than to learn about OAuth and crank out some code. I'm not going to let a bunch of axe-wielding bean-counters stop me from keeping my promises.

How it works#

I now have complete OAuth Provider and Consumer support in SocialSite and Roller working and ready to demo. I'll post a screen-cast of the UI changes once I polish it up a bit (and finish my slides). For now, all I've got for you is a diagram that explains how the gadget interacts with SocialSite, Roller and OAuth to post activities to your profile.


Here's the deal. You install the Social Roller Gadget into your Profile Page within Roller. The gadget needs to talk to Roller so (#1) it calls Roller via the JS Container APIs. (Note that the blue indicates parts of the Social Roller Gadget.)

(#2) The container will work with the SocialSite Proxy servlet to add the right OAuth consumer keys, secrets and/or tokens to the request and will then send that request off to Roller. It must first (#3) negotiate with the OAuth Servlets in Roller. If you have not authorized the gadget to access your Roller account, then the container will show Roller's OAuth authorization page so you can hit the Authorize button, or not.

Once the gadget is authorized to access your Roller account, it will (#4) call the gadgetsetup.jsp page via HTTP GET to determine if you have enabled Activity posting. If you want to enable or disable, it will use an HTTP POST to tell Roller what you want.

The setup page will then (#5) call the Gadget Task to tell it to look out for your new blog posts and post an activity for each. The Gadget Task is controlled by Roller's cluster-friendly task management system and setup to run every minute.

Once you've enabled Activity posting, when the Gadget Task runs it will check to see if you have made any new posts and if you have, it will (#6) call the OpenSocial REST API to post an activity for each to your Profile. Negotiating with the OAuth Servlets as needed. And that's that.

What I didn't cover#

There are a lot of things I didn't mention and I hope to document some of them in the next week or so, while I'm still unemployed. Here's a quick summary of missing pieces:

  • How does SocialSite get the Consumer Key and Secret needed for calling Roller?
  • How does Roller get the Consumer Key and Secret needed for calling SocialSite?
  • How does the user authorize Roller's access to his Profile information in SocialSite?
  • When is OAuth support coming to the Roller trunk and can you use it for AtomPub?
  • How do I add my gadget to SocialSite so users can install and use it?

There are happy answers for all those questions, but that's all I've got time for today. I've got some slides to finish in a hurry.


Post a Comment:
  • HTML Syntax: NOT allowed

« Latest Links: Sunday... | Main | Joining IBM »


This is just one entry in the weblog Blogging Roller. You may want to visit the main page of the weblog

Related entries

Below are the most recent entries in the category Social Software, some may be related to this entry.