Yeah, that's definitely the idea. I think our PoCo endpoint will need to change to include the user identifier in the URL, so that non-authenticated requests can get the public data for that user.Joseph is working on this as we speak, I believe.-DeWittOn Sun, Feb 21, 2010 at 1:40 PM, Kevin Marks <kevin...@gmail.com> wrote:
Part of the point of oauth is that you can reveal the public part without auth and signal with the auth: header that more is available
On Feb 21, 2010 1:33 PM, "Brad Fitzpatrick" <brad...@google.com> wrote:[+poco people]I guess that's the endpoint to which you'd perform the OAuth dance to get the user's full addressbook in PoCo form. But I suppose we should also have a URL for the user's self PoCo record, at least the public/unauthenticated form. Not sure what that URL is, but we should advertise it....Chris, Joseph, .....?> Ah, missed that...
--
You received this message because you are subscribed to the Google Groups "PortableContacts" group.
To post to this group, send email to portable...@googlegroups.com.
To unsubscribe from this group, send email to portablecontac...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/portablecontacts?hl=en.
On Sunday, February 21, 2010, Pete Warden <search...@gmail.com> wrote:
> On Sun, Feb 21, 2010 at 3:30 PM, Joseph Smarr <jsm...@gmail.com> wrote:
>
>
> The only question in my mind is how best to communicate to webfinger clients that essentially this PoCo url "already has the @me part baked in"--do you think we need a separate URI in the discovery document for "PoCo URL with the @me part baked in" vs "PoCo URL without the @me part baked in"? Or maybe we should just return the user ID as a separate piece of data in the webfinger response, and clients should just know to take the global PoCo endpoint and append the user ID they find in place of the @me slot to get public data?
>
> From my client's PoV, it's fine to get back a URL that requires some extra work to turn into an API call. We'll already need something like
>
> if (rel===HCARD)
> <hCard specific processing>
> else if (rel===PORTABLECONTACTS)
> <PoCo specific processing>
>
> so I don't think you lose any flexibility by documenting that in portablecontact's case you need to fiddle with the href url to turn it into a valid API call, as long as the webfinger providers are all consistent. I wouldn't like to return the user id as a separate component; at the moment the code's simple because the only values I need to extract from each link are the rel and the href.
>
> Chris's suggestion of redirecting the bare URL to @self seems nice too, it would allow naive clients to do what they do for the other unauthenticated APIs, call the bare href and parse the result.
>
> cheers,
> Pete
>
>
--
--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer