Google Groups

Re: implementing a poco service provider: what if i can't infer who @me is?

Justin Richer Feb 6, 2012 10:49 AM
Posted in group: PortableContacts
What we've done is standardize on URLs for different users and groups,
such as:


To get info for a particular user. We've got sub-URLs for different bits
of the heirarchy, such as everybody in a particular user's department:


PoCo doesn't really define what these query structures look like, so we
went with our own ontology. We're using both OAuth2 and OpenID for auth
on this server, we still do have mappings for "@me" in cases where we
can look up the user ID. For directly-connected clients that use
2-legged OAuth2, we don't allow the "@me" queries.

  -- Justin

On 02/06/2012 01:41 PM, Ryan B wrote:
> hi all! i'm implementing a poco service provider that supports auth,
> but it can't use auth credentials alone to determine who the current
> logged in user (ie @me in poco) is. the poco spec kind of seems to
> require this, or at least doesn't explicitly talk about non-@me paths:
> it does allow extra query parameters, so i could require clients to
> pass in a user id or username as a query parameter, but i'd like to
> stick to the standard as close as possible so clients don't have to
> hard-code support for my provider. any thoughts?