Friday, January 09, 2009

OpenSocial REST and WGET: Not So Much

The Open Social REST/RPC documentation ( says vaguely that you can play with the examples using the UNIX wget command, but I don't see it.

The problem is that the URLs have to be signed and carry proper security information. By fooling around with the example code, you can see that the OpenSocialClient class's fetchPerson() method is really just constructing a URL like the one below:

The number 083542533407771999 is my orkut user ID. You can't just "wget" this URL or put it in your browser, however. Doing so will return the error

HTTP request sent, awaiting response... 401 The request did not have a proper security token nor oauth message and unauthenticated requests are not allowed

Fooling around with the client codes (see previous post) will reveal the actual, signed URL used in the REST operation:

This URL is good for only one invocation (time-stamped).

To reproduce this, make the following change to

// c.setProperty(OpenSocialClient.Properties.RPC_ENDPOINT,
// "");

and then add the following line to's submitRest() method.

OpenSocialRequestSigner.signRequest(request, client);
System.out.println("This is the post-signed REST url: " + request.getUrl().toString());

More soon. It turns out the the base class is actually just a wrapper around the other classes (OpenSocialRequest and so on). So although the client does not apparently support write operations, you can work around this by constructing the appropriate REST POST operation.

No comments: