To use AuthSub for Actionscript (or as we’re calling it, AuthSubAS), first ensure that the API you are accessing offers cross-domain support. To do this, simply check for a
crossdomain.xml file like those offered by the Picasa Web Albums Data API and the YouTube Data API. Then, if the API supports cross-domain scripting, you can simply point your Flash app to https://accounts.googleapis.com/accounts/AuthSub{Request,SessionToken} and authenticate. If you’re familiar with how AuthSub for JavaScript works, AuthSubAS works in much the same way. For more information, see the AuthSub for ActionScript guide and check out this code sample.Currently, cross-domain requests are only supported by the Picasa Web Albums Data API and the YouTube Data API. However, as more APIs offer cross-domain scripting through an open
crossdomain.xml file, the AuthSubAS authentication will work automatically. For questions about a specific API or to encourage your API to provide AuthSubAS support sooner, visit your API’s support group in Google Groups.
Thank you, thank you, thank you.
ReplyDeleteWhere will you be posting announcements of the additional APIs?
Again, thank you.
Wow, that is good.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThanks guys!
ReplyDeleteCool. Now do an OAuth for applications that allows applications to register. That security warning is a real disincentive to use OAuth for apps and to consider ClientLogin instead, despite the faster expiration of ClientLogin tokens.
ReplyDeleteIs anyone aware of an effort to port the Google Data Protocol Client Libraries to Actionscript?
ReplyDeleteThank you!
ReplyDelete@Geoffrey - Additional announcements will be posted here and on the API's own blog (if it has one).
ReplyDelete@DJC - We don't have any plans to write an ActionScript library in the near future. If you know of an awesome one or write one yourself, please let us know!
@Zach - Thank you for the info.
ReplyDeleteI guess the ranty blog post I wrote last week can be updated, thanks guys! Now how about encryption support with ClientLogin authentication?
ReplyDeleteWhere do we find the appropriate crossdomain.xml file to load for a given service? Specifically, I'm looking for Google Finance.
ReplyDeleteI notice mention of OAuth is conspicuously absent. This can of course be done, since a crossdomain file allowing an Authorization header will effectively allow both AuthSub and OAuth.
ReplyDeleteHowever, it occurred to me trying to use OAuth in ActionScript is very iffy, since it's easy to decompile a swf and take out the consumer secret. Is this the reason you don't seem to be "officially" supporting OAuth from AS?
Is there any way around this problem? I don't see one that is secure.
@Robert - Finance doesn't support crossdomain.xml quite yet, but you can lobby for it in the Finance support group at http://groups.google.com/group/google-finance-apis
ReplyDeleteAuthSubRevokeToken doesn't work
ReplyDeletehttps://accounts.googleapis.com/accounts/AuthSubRevokeToken doesn't take POST like the other methods
https://google.com/accounts/AuthSubRevokeToken doesn't have a crossdomain.xml file
how is one supposed to revoke the token?
Does Google Docs Api support crossdomain?
ReplyDelete