Wednesday, April 01, 2009

Created "OAuth CrossDomain JavaScript Proxy Service"

Service:


OAuth CrossDomain JavaScript Proxy Service

Source Code:


http://xdoauthproxy.googlecode.com/

What can be done by this service ?


It enables you to easily call out OAuth-protected APIs (3-legged) from any JavaScript client - only JavaScript. No serverside programs are required to write a client.

Writing a client is very easy - one simple asynchronous JavaScript method invokation make it enable to access OAuth protected resource. No cumbersome process implementation like passing security tokens, signing, and showing dialogs to ask user's agreement. This proxy service does these works.

This service is running on Google's App Engine platforrm.

Code Example:


Example Client : OAuth CrossDomain JavaScript Proxy


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <title>Example Client : OAuth CrossDomain JavaScript Proxy</title>
    <script type="text/javascript" src="http://xdoauthproxy.appspot.com/js/json2.js"></script>
    <script type="text/javascript" src="http://xdoauthproxy.appspot.com/js/xd-oauth-client.js"></script>
    <script type="text/javascript">
function startXdRequest() {
  XdOAuth.init('http://xdoauthproxy.appspot.com/xd-server.html'); // Initialization
  XdOAuth.request({
    url : 'http://www.google.com/calendar/feeds/default/private/full?alt=json', // OAuth-protected API Endpoint
    success : function(data) {
      var result = eval('(' + data + ')');
      var html = [];
      for (var i=0; i<result.feed.entry.length; i++) {
        var entry = result.feed.entry[i];
        html.push('<li>'+entry.title.$t+'</li>');
      }
      document.getElementById('result').innerHTML = html.join('');
    },
    error : function(res) {
      alert(res.status + ':' + res.body);
    }
  });
}
    </script>
  </head>
  <body>
    <img src="./img/s.gif" />
    <input type="button" onclick="startXdRequest()" value="Start OAuth Request to get private Google Calendar">
    <ul id="result"></ul>
  </body>
</html>


What's different from OpenSocial's OAuth Proxy?


It's similar on the point that it enables you to access OAuth APIs from JavaScript client, but this service doesn't require any OpenSocial container. It runs outside of gadget.

How many APIs now supporting ?


Almost all Google's OAuth-enabled GData APIs, Myspace, Twitter, and Smart.fm.

Notice


It pop-ups the window during the request for prompting users to agree to access the data, so you should disble browser's popup blocker for "xdoauthproxy.appspot.com"

Known Limitation


Initialy only GET request is supported. In near future we'll add support of POST or other HTTP method.

Others


You'll be prompted twice to allow intersite data exchange (OAuth Provider -> xdoauthproxy.appspot.com, xdoauthproxy.appspot.com -> The site which embedded JS client code). So it seems a little verbose for end users, but it is mondatory in order to avoid CSRF vulnerability.
Posted by Shinichi Tomita at 7:59 PM 4 comments

Sunday, September 30, 2007

Afrous public beta is now opened !

My personal project for creating JavaScript based mashup engine - called "Afrous" - is now opened to public. In this public beta, several new features are introduced; for example, new user interface totally rewritten using ExtJS, increased numbers of operations and web services, configuration open/save functions, html renderers, and so on.

http://www.afrous.com/


Opinions are welcome in anytime. Please contact me freely.
Posted by Shinichi Tomita at 1:38 AM 0 comments

Wednesday, April 18, 2007

Afrous - Ajax for the rest of us

Afrous is a pure JavaScript mashup engine. All of the data is mash-upped on client-side, that is, on web browser. It also includes graphical user interface which enables drag-and-drop process editing. Arbitrary web services with JSONP interface can be invoked.

http://www.nekodrive.com/afrous/

Notice : This is VERY Alpha version service. No saving function, no loading function, and no documentation, right now...
Posted by Shinichi Tomita at 2:32 AM 0 comments
Labels: , , , ,

Sunday, February 25, 2007

Pipes everywhere

Yahoo Pipes is really smart mashup engine, which only giant Yahoo can afford to offer. I thought it's great service because it had democratized mashup a little more than before. But I became very excited when I noticed they are actually offering browser-direct external connectivity. Yes it's known as JSONP.

This is a simple pipe, provided by http://kentbrewster.com/badger, which accepts RSS URL input and generates output in JSON(P) format.

http://pipes.yahoo.com/pipes/zIQi0Iy72xGJ3NMhJhOy0Q/run?_render=json&s=http%3A%2F%2Fpersonalized20.blogspot.com%2Ffeeds%2Fposts%2Fdefault%3Falt%3Drss&_callback=handleFeeds

Test JSONP from Here.
Posted by Shinichi Tomita at 1:00 PM 0 comments
Labels: , , , ,

Saturday, February 03, 2007

Salesforce.com AJAX Toolkit and Firebug

Now I'm a salesforce.com's employee, recently using AJAX Toolkit so much often. Manoj Cheenath's AJAX Tools is really cool, but sometime I need some instant way to access Apex API from browser.

This is a bookmarklet to load salesforce's AJAX Toolkit on demand. Register this link to your browser's bookmarks.

load AJAX Toolkit

While you are in Salesforce.com's instance (I mean in *.salesforce.com), click the registered bookmarklet. Then open your firebug (or any other javascript shell) and put this into console.


sforce.connection.query('SELECT Id, Name FROM Account')


You can connect Apex DB and inspect data anytime.
Posted by Shinichi Tomita at 10:07 AM 2 comments
Labels: ,
Subscribe to: Posts (Atom)