Well, I appreciate your advice, Bob, but I'm not sure the Buzz API is
for me. It seems more tailored for websites with data streams. I was
interested in Friend Connect because the login included Yahoo, AIM and
Twitter as well. GFC also would enable my site to "become" a social
networking site by allowing friend requests between GFC-enabled users
to "friend" each other and post comments on each others profiles. The
problem remains that when a user of my website signs up using GFC,
then returns to sign in with the same button, I would like more
validation then a GFC ID. The fcauth cookie also doesn't give me
accurate login state information, not only because a cookie can easily
be spoofed, but because the fcauth call continues to give me account
data even after the user has logged off. If only there were some call
I could make to Google that would simply tell me if the user who has
just signed into GFC is indeed who they say they are and that yes,
they are logged in, or no, they have just logged out. Seems like it
would be possible using Perl. I'm surprised that it isn't.
I looked at the list of possible scope urls again and didn't see
"Google Accounts" and "Google Buzz" but I did find the Buzz API docs
here:
http://code.google.com/apis/buzz/
I didn't find anything for "Google Accounts API" but I did search
Google Code for that phrase and found the article "Federated Login for
Google Account Users", which I've already read, and is almost exactly
what I'm looking for, however, I wasn't sure if I had to use OpenID
+OAuth or if I could just use OAuth, and I'm not even sure what
information I'm gaining access to because nowhere does it say what
account or type of account I'm logging into (or did I miss that?).
It seems more and more that OpenID is what I'm looking for, to gain
access to this Federated Login, but will that get me into GFC, or
Gmail, or Blogger, or what? Do I really need to go to OpenID? Why
isn't there a scope url of Google Friend Connect? Does it have
something to do with this other article I found on Google Code?:
"OAuth security vulnerability discovered"
http://groups.google.com/group/Google-Accounts-API/browse_thread/thread/a2a8a481bbb521b8