|
UsingOAuth
Relevant details to using OAuth
Info for the expertsSo, you're an expert? Perhaps you helped write the spec... this section is for you. Here's the relevant urls:
Logging in a user using OAuthAn annoying aspect of using Get Satisfaction for your companies support is the disconnect between your login system and ours. Many users don't understand that they need an account in each place. To facilitate some reduction of confusion, I've implemented a system that will allow you to use OAuth to automatically login users from your application into ours. Using this system you will be able to craft a special url that will log a user into the appropriate Get Satisfaction account and redirect them on through to their destination. You could, for example, allow users of your system to link their accounts to our accounts so they don't need to login to satisfaction when they want to ask a question about your service. Overview of the steps
Nothing different here than any OAuth token exchange. Get a request token, redirect user to the authorization page, exchange request token for access token. You will want to store this access token in your database, attached to the user account in your system who is currently signed in to your application. This token represents the link between your user accounts and Get Satisfaction's accounts.
So, you create a url, signed properly with the Access Token retrieved in step 1. The url will be to http://getsatisfaction.com/session/from_oauth, and you will want to sign it as a GET request. Since this url will be embedded into a link, you won't be able to use the Authorization HTTP header method, and so you should use the query string to supply the appropriate OAuth variables (token, nonce, signature, timestamp, signature method, consumer key, etc.). Care should be taken to not cache this url in your rendered html, since the first person to follow the link will be logged in as the attached user. To redirect the user into a specific page in satisfaction, you can supply an additional query string parameter. By specifying redirect=blah in the query string, Get Satisfaction will redirect the user on through to the url specified in the parameter after setting all of the appropriate cookies to keep a user logged into satisfaction. Don't forget to include the redirect parameter (if used) when calculating the signature used for OAuth verification. Please note that at present any cookies set using this method will always be session cookies; the user will be logged out of Get Satisfaction when they close their browser. Enabling persistent cookies is a possible feature, if enough people want it. An alternative, better methodThe method described above is less than ideal since it can interfere with caching strategies, so I propose a slightly more intensive procedure. The "embed a url" method is nice because it requires almost no effort above the initial effort to support being an OAuth consumer in your system. The alternative is to extend your application to act as a gateway for satisfaction. You will create action on your site that will redirect the user through to the special url described above. Let's use a real world example... iwantsandy.com simply has the "community" link in their application point to their Get Satisfaction community:
If they wanted their users to be automatically logged into their satisfaction accounts when they clicked that link they could:
As you can see, this method requires some implementation work over OAuth support. That said, compared to actually supporting OAuth the effort is trivial to implement the redirection gateway. In exchange, you don't actually expose any user specific information in your rendered HTML and can feel more safe in the notion that you aren't compromising your customers trust with allowing you access to their data on Get Satisfaction. |
Sign in to add a comment