The OpenSocial specification requires that every user ID must be alphanumeric (A-Za-z0-9) and must uniquely identify the user in a container. This standardization is intended to allow for prefixing IDs with a domain name and separator to create globally unique IDs.
The SocialSite server satisfies this requirement by delegating the authority to verify user context to the host application. This means that the SocialSite server does not perform user authentication when there is a request to access the social graph from a widget installed on a user's web page. A host application is responsible for the following:
It must have some form of user authentication (such as the getRemoteUser method in the code example) so that a request from the SocialSite server to verify a user identity causes the host application to return a valid user ID. Typically, user authentication consists of a login page where user names and passwords are verified and stored.
It must include a file (such as socialsite_context.jsp in the code example) that implements an authentication delegation service for the SocialSite server. The SocialSite server sends a request for this file to your host application using the same cookies as the client would. This is how the host application can assert the identity of the current user to the SocialSite server.
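The delegation exchange described above, modeled end to end as an added example (not SocialSite code and not the code example this page refers to). The reply format, the JSESSIONID cookie name, the example.org domain, the ":" separator and all function names are assumptions made for illustration.

```python
import re

# Assumptions for illustration only: domain, separator, cookie name, reply shape.
CONTAINER_DOMAIN = "example.org"
SEPARATOR = ":"
ALNUM_ID = re.compile(r"[A-Za-z0-9]+")    # OpenSocial rule: A-Za-z0-9 only

# Constructed host-application session store (session cookie -> logged-in user).
HOST_SESSIONS = {"sid-7f3a": "alice42"}

def host_context_endpoint(cookies):
    """Host side: stands in for the delegation file. It trusts only its own
    session state, never an ID supplied by the caller."""
    user = HOST_SESSIONS.get(cookies.get("JSESSIONID", ""))
    if user is None:
        return {"status": 401}            # no authenticated session
    return {"status": 200, "userId": user}

def resolve_viewer(client_cookies, fetch=host_context_endpoint):
    """Server side: replay the client's cookies to the host application and
    accept the asserted identity only if it is well formed. Fails closed."""
    reply = fetch(dict(client_cookies))
    if reply.get("status") != 200:
        return None
    user_id = reply.get("userId")
    # Enforce the alphanumeric rule before prefixing. Because the separator
    # can never occur inside a valid ID, the prefixed form is unambiguous and
    # a host cannot assert an ID that already carries another domain.
    if not isinstance(user_id, str) or not ALNUM_ID.fullmatch(user_id):
        return None
    return CONTAINER_DOMAIN + SEPARATOR + user_id

def misbehaving_host(cookies):
    """Constructed bad reply: an ID that smuggles in a foreign domain prefix."""
    return {"status": 200, "userId": "other.org:bob"}

if __name__ == "__main__":
    print(resolve_viewer({"JSESSIONID": "sid-7f3a"}))   # valid session
    print(resolve_viewer({"JSESSIONID": "expired"}))    # unknown session
    print(resolve_viewer({}, fetch=misbehaving_host))   # malformed ID
```

Because the server relies entirely on the host application's answer, the cookie-forwarding request and the ID check are the only points at which a bad identity can be stopped.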
Refer to the article on the SocialSite security model for more information.