How do you authenticate user generated "apps" for your app?

Posted by Brian Armstrong on Stack Overflow See other posts from Stack Overflow or by Brian Armstrong
Published on 2010-04-02T04:57:53Z Indexed on 2010/04/02 5:03 UTC
Read the original article Hit count: 347

I'm think something like Facebook apps here. User generated pieces of code that people can write to interact with my app.

I understand how an authenticated API works, but this seems a little more complicated because not only does the APP have to authenticate itself (with a regular api-key) but the USER using the app has to be authenticated somehow too, without giving the app free reign.

I've been reading a bit here to see how FB does it: http://wiki.developers.facebook.com/index.php/How_Facebook_Authenticates_Your_Application

And it looks like you have to pass a signature in addition to the api-key along with every call, but I'm having trouble wrapping my head around how this gets generated and used on the other end (my server).

Figure there must be a simple explanation of this out there? Thanks!

P.S. I'm building a Rails app if there are any applicable gems/plugins.

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about authentication