Server-side OpenSocial Java programming

Chris Schalk, Google Developer Advocate

10/04/2009

2

Agenda

• OpenSocial Background

• OAuth Background

• OpenSocial Java Client Libraries

• 2-legged and 3-legged OAuth Access

• Connecting to a Google Friend Connect site

3 3

OpenSocial Background

4

What is OpenSocial?

“OpenSocial defines a common set of APIs based on Open Standardsfor building social applications across multiple websites”

5

What is OpenSocial?

Before OpenSocial…

6

What is OpenSocial?

Standards Based

7

What is OpenSocial?

8

Who owns OpenSocial?

?

9

Who owns OpenSocial?

?

OpenSocial is managed under the auspices of the“OpenSocial Foundation” - http://www.opensocial.org

No!

10

Who's Using it?

and many more...

11

Who's Using it?

12

OpenSocial Roadmap

• Version 0.5 was released in a “developer release” on Nov1st 2007.

• First “sandbox” was made available on Orkut

• Version 0.6 was released in December 2007• Initial version of Shindig server software was launched as Apacheincubator project• Other sandboxes came live - Hi5, Ning, Plaxo …

• Version 0.7 (production) was released in January 2008• MySpace, Hi5, Orkut began running 0.7

13

OpenSocial Roadmap

• Version v0.8/0.8.1• Released in late 2008

• Contains a RESTful protocol, RPC protocol

• OpenSocial Client Libraries launched in Dec 08

• Specification:http://www.opensocial.org/Technical-Resources/opensocial-spec-v081

14

OpenSocial 0.9 - Current

• Key Goal:

– Enable a faster development experience that is both secure andefficient

Core principles:

• Client-side and server-side processing

• Standard set of tags with extensibility model

– Example: <os:ShowPerson>

15

Where can you find info on OpenSocial?

http://wiki.opensocial.org

16 16

OAuth Background

17

OAuth 101

What is OAuth?

• A standard, open protocol for secure APIauthorization for :

– Desktop

– Web

– Mobile

• OAuth provides an API to access to secure datawhile protecting account credentials.

• More info:

http://oauth.net

18 18

OpenSocial Java client libraries

19

Introducing the OpenSocial Client Libraries

19

http://code.google.com/p/opensocial-php-client http://code.google.com/p/opensocial-ruby-clienthttp://code.google.com/p/opensocial-python-clienthttp://code.google.com/p/opensocial-java-client

A set of client libraries for that enabledirect communication to an OpenSocialserver.

• Client libraries exist for PHP, Ruby, Python and Java• Supports both REST and RPC protocols• Documentation Wiki pages• Sample applications provided

20

RESTful and RPC protocols

Sample: Using the OpenSocial client library to Fetch a user’s friends

OpenSocialClient c = new OpenSocialClient("myhost.com");

c.setProperty(OpenSocialClient.Properties.REST_BASE_URI, "http://localhost:8080/social/rest/"); try { OpenSocialPerson p = c.fetchPerson("john.doe"); System.out.println(p.getDisplayName());

Collection<OpenSocialPerson> friends = c.fetchFriends("john.doe"); for (OpenSocialPerson friend : friends) { System.out.println(friend.getDisplayName()); }

} catch (Exception e) {

}

21

Demonstration: Working with the OpenSocial Javaclient library

21

22 22

2-legged and 3-legged OAuth access

23

Demonstration: Connecting to an OpenSocialcontainer using 2-legged OAuth

23

http://code.google.com/p/opensocial-java-client/wiki/TwoLeggedOAuthJava

(2-legged)

24

Examining 2-legged OAuth access

• Does not offer universal access to the container

– Specifically tied to a single application installed on the container

– Uses hardcoded token values

• Consumer Key

• Consumer Secret

• Application security is left to the calling application

• Pros:

– Technically easy to implement

– Good for background data fetch

• Cons:

– Can only access social data associated with single application onthe container

– Security can be compromised if Consumer key/secret obtained

25

Demonstration: Connecting to an OpenSocialcontainer using 3-legged OAuth

25

http://wiki.opensocial.org/index.php?title=Social_Website_Tutorial

(3-legged)

26

Examining 3-legged OAuth access

27

Examining 3-legged OAuth access

• Offers universal access to the container

– User provides their own credentials to container to allow accessto data

• Application security is entirely under control of container

• Pros:

– Not hardcoded to specific application since user providescredentials, so access can be for anyone

• Cons:

– Always have to go through access request step

• “Doing the Dance…”

– Not meant for automated data transactions

28 28

Connecting to a Google FriendConnect Site

29

Demonstration: Connecting to Google Friend Connectfrom an independent website

29

http://plane-crazy.appspot.com

‘fcauth’ security token

30

Useful Links

OpenSocial Homepage & specification: http://www.opensocial.org

OAuth website:• http://oauth.net

2 legged OAuth tutorial (in the wiki):• http://code.google.com/p/opensocial-java-client/

3 legged OAuth tutorial: “social website tutorial”:• http://wiki.opensocial.org/index.php?title=Social_Website_Tutorial

Google Friend Connect:• http://google.com/friendconnect• http://code.google.com/apis/friendconnect

Plane Crazy example app:• http://plane-crazy.appspot.com

31

Questions

Q&A

Thank You!