[aerogear-dev] AG Social

Bruno Oliveira bruno at abstractj.org
Tue Apr 2 10:16:23 EDT 2013


Hi Luke, good stalking description. I know this gist describes the client side and also that crypto on JS is **really** hard. 
But I'd suggest the addition of a "secure" alternative to developers, sending a request to retrieve the settings from the server. What is the advantage? 
We can discuss and elaborate a workflow to try to make it more safe. 

You might be interested in a few recommendations on it: https://www.owasp.org/index.php/Facebook


-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile



On Monday, April 1, 2013 at 12:43 PM, Lucas Holmquist wrote:

> 
> 
> This only shows a Facebook example, but I just wanted to get a high-level discussion going. I have a JS implementation, partial, since I am using it in another project. But it is tailored to my needs.
> 
> 
> I'm sure I forgot a few things
> 
> AeroGear Social
> 
> Since this can be more than just a "login", it probably needs its own category instead of being added to Auth.
> 
> 
> Basically, I see AG Social as a common way to access social network APIs such as Facebook[1], Google Plus[2], Twitter[3], and others.
> 
> 
> It would be a wrapper around the current platform SDKs
> 
> 
> There are a couple of common themes for most if not all the social platforms
> 
> you need to create an "app" on the respective platform that can act on your behalf
> you need to provide "scopes", which are what information the app can access.
> 
> 
> For example, using the Facebook SDK, you cannot access the user's email by default. You need to provide this scope and the user will have to authorize the usage when they log in.
> 
> 
> a quick javascript example of how it could look during creation
> 
> var AGSocial = AeroGear.Social();
> AGSocial.add({
>     name: "FB",
>     type: "facebook",
>     settings: {
>         clientId: "1234567890", // the app id provided by the platform
>         scopes: "email", // the "extended permissions" we want the user to authorize
>         channelFile: "//www.site.com/channel.html" // specific to facebook, for crossdomain
>         // .... Other platform specific settings or just other settings
>     }
> });
> var facebookSocial = AGSocial.socials.FB;
> 
> while "socials" might be a good name for the "modules", I'm still leaning to "stalkers", but probably not appropriate
> 
> Proposed APIs - to begin with. All names are debatable
> 
> examples below will continue building off the one above
> 
> 
> Here are a few of the basic methods that we could start off with
> 
> LoadSdk
> 
> This loads the SDK of the specified platform.
> 
> 
> The SDK's documentation recommends loading the scripts asynchronously. This gives a common way to load and then, if needed, wait for all the "socials" SDKs to load
> 
> Returns a promise object
> 
> takes loaded callback, probably name it success. also perhaps an error callback
> 
> facebookSocial.loadSDK({
>     success: function() {
>         // loaded
>     }
> });
> 
> 
> 
> For JS, I wanted to load the SDK during the Login() method, but popup blockers interfere with this idea
> 
> Login
> 
> this is probably an obvious one.
> 
> 
> Logs the user in using the specified platform.
> 
> takes success/error callbacks
> 
> callbacks return the response from the platform.
> 
> facebookSocial.login({
>     success: function( response ) {
>         // returns the auth response from the specified platform, when success is determined
>     },
>     error: function( error ) {
>         // returns the auth response from the specified platform, when an error is determined
>     }
> });
> 
> 
> Me
> 
> Gets your profile information. Must be called after a Login
> 
> 
> takes a list of "fields" to bring back, or return all default( passed on platform ) fields
> success/error callbacks
> success/error callbacks return response from the server
> 
> facebookSocial.me({
>     fields: "picture, id,name, email",
>     success: function( response ) { /* ... */ },
>     error: function( error ) { /* ... */ }
> });
> 
> Logout
> 
> also obvious. Logs the user out.
> 
> 
> possibly success/error callbacks
> 
> facebookSocial.logout(); 
> 
> 
> Other Possible APIs to begin with
> 
> Friends
> 
> A common way to get your friends list
> 
> have various settings based on platform
> 
> success/error callbacks
> 
> facebookSocial.friends({
>     // ... some settings
>     success: function( response ) { /* ... */ },
>     error: function( error ) { /* ... */ }
> });
> 
> 
> Share
> 
> a common way to "Post" something to whatever platform
> 
> settings based on platform
> success/errorbacks
> 
> the message you want to share.
> 
> facebookSocial.share({
>     // ... settings
>     message: "a message to post",
>     success: function( response ) { /* ... */ },
>     error: function( error ) { /* ... */ }
> });
> 
> 
> 
> 
> 
> 
> 
> [1] https://developers.facebook.com/
> [2] https://developers.google.com/+/
> [3] https://dev.twitter.com/
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
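
One way a client could check settings retrieved from the server, as suggested in the reply, before passing them to a wrapper like the proposed one. This is an added example, not code from the thread or from AeroGear; the function name `validateSocialSettings`, the policy table, the client-id pattern and the sample response are assumptions, and only the field names follow the proposal's `settings` object.

```javascript
// Constructed policy: which scopes and client-id shape this app accepts
// per provider. All values here are assumptions for the example.
const POLICY = {
  facebook: { allowedScopes: new Set(["email"]), clientIdPattern: /^\d{5,20}$/ },
};

// Constructed sample of what a settings endpoint on the app's own server might return.
const SAMPLE_RESPONSE = {
  name: "FB",
  type: "facebook",
  settings: { clientId: "1234567890", scopes: "email", channelFile: "//www.site.com/channel.html" },
};

// Returns a cleaned copy containing only known fields, or throws.
function validateSocialSettings(raw, pageOrigin, policy = POLICY) {
  if (raw === null || typeof raw !== "object") throw new Error("settings must be an object");
  const known = typeof raw.type === "string" &&
    Object.prototype.hasOwnProperty.call(policy, raw.type);
  if (!known) throw new Error("unknown provider type");
  const rules = policy[raw.type];
  const s = raw.settings || {};

  if (typeof s.clientId !== "string" || !rules.clientIdPattern.test(s.clientId)) {
    throw new Error("malformed clientId");
  }

  // Least privilege: refuse any scope the app has not explicitly allowed.
  const scopes = String(s.scopes || "").split(",").map((x) => x.trim()).filter(Boolean);
  const extra = scopes.filter((x) => !rules.allowedScopes.has(x));
  if (extra.length > 0) throw new Error("scope not allowed: " + extra.join(", "));

  const clean = { clientId: s.clientId, scopes: scopes.join(",") };

  // channelFile is used for cross-domain communication, so pin it to our own HTTPS origin.
  if (s.channelFile !== undefined) {
    if (typeof s.channelFile !== "string") throw new Error("channelFile must be a string");
    const url = new URL(s.channelFile, pageOrigin); // also resolves protocol-relative URLs
    if (url.protocol !== "https:" || url.origin !== new URL(pageOrigin).origin) {
      throw new Error("channelFile must be same-origin HTTPS");
    }
    clean.channelFile = url.href;
  }
  return { name: String(raw.name), type: raw.type, settings: clean };
}
```

Unknown keys in the response are dropped rather than passed through, so a new server-side field cannot reach the SDK until the client policy is updated to accept it.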




