Server-side OpenSocial Java programming
Chris Schalk, Google Developer Advocate
10/04/2009

Agenda
• OpenSocial Background
• OAuth Background
• OpenSocial Java Client Libraries
• 2-legged and 3-legged OAuth Access
• Connecting to a Google Friend Connect site
2

OpenSocial Background
3 3

What is OpenSocial?
“OpenSocial defines a common set of APIs based on Open Standards
for building social applications across multiple websites”
4

What is OpenSocial?
Before OpenSocial…
5

What is OpenSocial?
Standards Based
6

What is OpenSocial?
7

Who owns OpenSocial?
?
8

Who owns OpenSocial?
? No!
OpenSocial is managed under the auspices of the
“OpenSocial Foundation” - http://www.opensocial.org
9

Who's Using it?
and many more...
10

Who's Using it?
11

OpenSocial Roadmap
• Version 0.5 was released in a “developer release” on Nov
1st 2007.
• First “sandbox” was made available on Orkut
• Version 0.6 was released in December 2007
• Initial version of Shindig server software was launched as Apache
incubator project
• Other sandboxes came live - Hi5, Ning, Plaxo …
• Version 0.7 (production) was released in January 2008
• MySpace, Hi5, Orkut began running 0.7
12

OpenSocial Roadmap
• Version v0.8/0.8.1
• Released in late 2008
• Contains a RESTful protocol, RPC protocol
• OpenSocial Client Libraries launched in Dec 08
• Specification:
http://www.opensocial.org/Technical-Resources/opensocial-spec-v081
13

OpenSocial 0.9 - Current
• Key Goal:
– Enable a faster development experience that is both secure and
efficient
Core principles:
• Client-side and server-side processing
• Standard set of tags with extensibility model
– Example: <os:ShowPerson>
14

Where can you find info on OpenSocial?
http://wiki.opensocial.org
15

OAuth Background
16 1
6

OAuth 101
What is OAuth?
• A standard, open protocol for secure API
authorization for :
– Desktop
– Web
– Mobile
• OAuth provides an API to access to secure data
while protecting account credentials.
• More info:
http://oauth.net
17

OpenSocial Java client libraries
18 1
8

Introducing the OpenSocial Client Libraries
A set of client libraries for that enable
direct communication to an OpenSocial
server.
• Client libraries exist for PHP, Ruby, Python and Java
• Supports both REST and RPC protocols
• Documentation Wiki pages
• Sample applications provided
http://code.google.com/p/opensocial-php-client
http://code.google.com/p/opensocial-ruby-client
http://code.google.com/p/opensocial-python-client
http://code.google.com/p/opensocial-java-client
19 19

RESTful and RPC protocols
Sample: Using the OpenSocial client library to Fetch a user’s friends
OpenSocialClient c = new OpenSocialClient("myhost.com");
c.setProperty(OpenSocialClient.Properties.REST_BASE_URI, "http://localhost:8080/social/rest/");
try {
OpenSocialPerson p = c.fetchPerson("john.doe");
System.out.println(p.getDisplayName());
Collection<OpenSocialPerson> friends = c.fetchFriends("john.doe");
for (OpenSocialPerson friend : friends) {
System.out.println(friend.getDisplayName());
}
} catch (Exception e) {
}
20

Demonstration: Working with the OpenSocial Java
client library
21 21

2-legged and 3-legged OAuth access
22 2
2

Demonstration: Connecting to an OpenSocial
container using 2-legged OAuth
(2-legged)
http://code.google.com/p/opensocial-java-client/wiki/TwoLeggedOAuthJava
23 23

Examining 2-legged OAuth access
• Does not offer universal access to the container
– Specifically tied to a single application installed on the container
– Uses hardcoded token values
• Consumer Key
• Consumer Secret
• Application security is left to the calling application
• Pros:
– Technically easy to implement
– Good for background data fetch
• Cons:
– Can only access social data associated with single application on
the container
– Security can be compromised if Consumer key/secret obtained
24

Demonstration: Connecting to an OpenSocial
container using 3-legged OAuth
(3-legged)
http://wiki.opensocial.org/index.php?title=Social_Website_Tutorial
25 25

Examining 3-legged OAuth access
26

Examining 3-legged OAuth access
• Offers universal access to the container
– User provides their own credentials to container to allow access
to data
• Application security is entirely under control of container
• Pros:
– Not hardcoded to specific application since user provides
credentials, so access can be for anyone
• Cons:
– Always have to go through access request step
• “Doing the Dance…”
– Not meant for automated data transactions
27

Connecting to a Google Friend
Connect Site
28 2
8

Demonstration: Connecting to Google Friend Connect
from an independent website
‘fcauth’ security token
http://plane-crazy.appspot.com
29 29

Useful Links
OpenSocial Homepage & specification: http://www.opensocial.org
OAuth website:
• http://oauth.net
2 legged OAuth tutorial (in the wiki):
• http://code.google.com/p/opensocial-java-client/
3 legged OAuth tutorial: “social website tutorial”:
• http://wiki.opensocial.org/index.php?title=Social_Website_Tutorial
Google Friend Connect:
• http://google.com/friendconnect
• http://code.google.com/apis/friendconnect
Plane Crazy example app:
• http://plane-crazy.appspot.com
30

Questions
Q&A
Thank You!
31