I am writing a gadget for an OpenSocial site (www.graasp.eu). Inside my gadget I open a connection to a server. To be exact, a Vert.x event bus opens a connection to my Vert.x backend with the help of SockJS.
Now I want to somehow check whether the user who opens the connection is successfully logged in to the OpenSocial site to permit the connection.
Any idea how I can do that? Can I access the OAuth token, send it to my server and ask the OpenSocial site if this token is valid?
For those who have the same problem: you can use signed requests: https://opensocial.atlassian.net/wiki/display/OSREF/Introduction+To+Signed+Requests
The gadget can send this signed request through an OpenSocial server like Shindig to your custom server. Then you have to validate the request: https://opensocial.atlassian.net/wiki/display/OSREF/Validating+Signed+Requests
If the request is valid, you have to store the user id and a session key, which you have to generate. Then send the generated session key back. The gadget now opens a SockJS connection to your server and authenticates itself with the user id and the session key it received.
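The session-key step from the answer above, as an added example in Node.js (not code from the original post or from Vert.x). It assumes the signed request has already been validated and yielded the user id. The names `issueSessionKey`, `redeemSessionKey` and `SESSION_TTL_MS`, the in-memory `Map`, the 60-second lifetime and the single-use rule are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumed lifetime: the gadget should open its SockJS connection right away.
const SESSION_TTL_MS = 60000;

// userId -> { keyHash, expires }. Only a hash of the key is kept, so a dump
// of this store does not hand out usable session keys.
const pending = new Map();

function sha256(text) {
  return crypto.createHash("sha256").update(text, "utf8").digest();
}

// Call this only after the signed request has been validated; userId is the
// user id taken from that validated request, never from unsigned input.
function issueSessionKey(userId, now = Date.now()) {
  const key = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  pending.set(userId, { keyHash: sha256(key), expires: now + SESSION_TTL_MS });
  return key; // sent back to the gadget in the response to the signed request
}

// Call this with the user id and session key the gadget presents on the
// SockJS connection; permit the connection only if it returns true.
function redeemSessionKey(userId, key, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry || typeof key !== "string") return false;
  if (now > entry.expires) {
    pending.delete(userId); // expired keys are dropped
    return false;
  }
  // Both buffers are 32-byte digests, so the constant-time compare is valid.
  const ok = crypto.timingSafeEqual(entry.keyHash, sha256(key));
  if (ok) pending.delete(userId); // single use: a replayed key is rejected
  return ok;
}
```

Once `redeemSessionKey` returns true, bind the user id to that connection on the server and ignore any user id the client sends in later messages.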