So you want to use OpenSocial gadgets on your site, Google FriendConnect isn’t the right choice for you since you want to leverage your own social graph, but your site isn’t written in PHP or Java, so how do you use Apache Shindig then?
For this scenario we’ve created the meta-data interface, it allows you to post a gadget URL to it, and it will return a JSON structure with all the meta data of the gadget that you can use to build your app gallery, user preferences UI and create the iframe’s in your site that point to Apache Shindig (which will render the gadget for you). The quickest way to check out how the meta data interface works is by loading up the sample-metadata.html sample, and inspecting the requests using something like firebug, here’s a live example:
http://modules.partuza.nl/gadgets/files/container/sample-metadata.html
With that you have all the required info to build your site’s UI, however you also need to create the proper security tokens, and link shindig to your data source:
Security Tokens.
The gadget get’s it owner id / viewer id / app id / container string / module id from the security token, in a typical production setup this would be an encrypted blob generated by the container (ie ‘the social website’), and put on the gadget’s iframe with a &st=<encrypted blob>. Encryption ensures that that data can’t be tampered with so that people can’t spoof their user id’s etc.
Now both java and php shindig both use the same methodigy to generate their tokens (see shindig/php/src/common/{BasicBlobCrypter,BasicSecurityToken,BasicSecurityTokenDecoder}.php for example), so you really have two options, either implement the same crypto logic / format (it’s basically a text string, with entries seperated by :’s, and aes128 encryption with a shared secret) in your language of choice, or create your own crypto and implement a PHP class that can decrypt it (and tell shindig to use that new class using the ‘security_token_signer‘ and ‘security_token‘ configuration keys, similar configuration can be found in java shindig in one of it’s .xml config files), The first option is probably the simplest solution as long as aes128 is available in your language of choice.
There’s a bit more information about how security tokens work and how to implement them in this blog post:
http://www.chabotc.com/partuza/about-partuza-and-shindig-security-tokens/
Social Data.
Now java and php differ slightly here, with php you use the same configuration as I mentioned above to tell shindig which classes to use, and with java you’d use Guice to inject the right classes, but the basics are the same: You’ll need to somehow get the social data requests that happen in shindig to your data back-end.
Now when you are running php or java already this is pretty simple since you can use that code directly, however in this situation you really have two choices, either you implement the DB logic in PHP or Java (for PHP, you can use Partuza’s (an example opensocial implementation) service implementation as example: http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaService.php and http://code.google.com/p/partuza/source/browse/trunk/Shindig/PartuzaDbFetcher.php), or you can implement an RPC method (using something like json-rpc) where shindig relays all social data calls to your back-end.
OpenSocial and thus Shindig has 4 data call types, People, Activities, AppData and Messages; Now the spec states that the only must-have of those is the People interface, and you could return a NOT_IMPLEMENTED error code on every other call type.. However if you want to run the typical OpenSocial app, it’s advisable to also support the Activities and AppData interfaces.. Messages is a nice to have, but in practice most social sites don’t support this so it’s not a big issue at all if you don’t.
