'Re: [Moblin Dev] librest: multi-part forms & facebook session'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       moblin-dev
Subject:    Re: [Moblin Dev] librest: multi-part forms & facebook session
From:       Ross Burton <ross () burtonini ! com>
Date:       2009-10-27 10:56:25
Message-ID: 1256640985.9465.16.camel () flashheart ! burtonini ! com
[Download RAW message or body]

On Mon, 2009-10-26 at 14:35 -0700, Lucas Beeler wrote:
> 1. Multi-part encoding support for HTTP POST requests on REST endpoints
> [snip]
> So does librest support multi-part encoding now, and, if not,
> is it likely to in the future?

No, yes.  Your analysis is correct and I believe that multipart are only
used for large binary uploads (Flickr and Facebook uploads being
excellent examples), so I'd like to implement this in a way that lets
you add IO streams to the message.  Imagine the case where you are
uploading a 10M image to Flickr: ideally you'll be able to simply add an
input stream reading from the file to the call and the file would be
read on demand, instead of loading the entire file into memory straight
away and working with it's string encoded form.

That said this would require a fair amount of work in libsoup first, so
maybe a method on RestProxyCall to set the encoding type would be
sufficient.

> 2. Facebook Connect-style session secret support in FacebookProxy objects
> 
> Since early 2009, Facebook recommends that desktop applications
> connecting to their API use the new Facebook Connect identity service
> to do authentication and obtain per-session permissions. One
> consequence of using the Facebook Connect API is that application
> secrets are now deprecated in favor of more limited (and secure)
> "session secrets," that are returned when a new session is obtained.
> From what I can see, librest's FacebookProxy class has no support for
> session secrets today (e.g., facebook_proxy_new_with_session( ) takes
> an application secret as an argument, not a session secret). So, are
> there any plans to add session secret support to librest in the
> future? That question asked, it looks to me like application secrets
> and session secrets are used in exactly the same way when digitally
> signing facebook API requests, so I surmise that it might be possible
> to just pass  facebook_proxy_new_with_session( ) a session secret
> instead of an application secret and to have it still work. Has anyone
> had any success with this approach?

I've had nothing but pain with the Facebook authentication system
because every time I look at the documentation it's recommending a new
method and is incorrect. :/  I have a hunch it will just work though, I
suggest you give that a go.

Ross
-- 
Ross Burton                                 mail: ross@burtonini.com
                                          jabber: ross@burtonini.com
                                           www: http://burtonini.com


_______________________________________________
Moblin dev Mailing List
dev@moblin.org

To manage or unsubscribe from this mailing list visit:
http://lists.moblin.org/listinfo/dev or your user account on http://moblin.org once logged in.

For more information on the Moblin Developer Mailing lists visit:
http://moblin.org/community/mailing-lists

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic