Programming Social Applications

Book Description

Like all good web ventures, the Social Web has risen in prominence ahead of any reliable standards that would ensure a consistent user experience. But that's finally beginning to change. With this book, you'll learn about a rich set of open source technologies for building compelling--and secure--social applications and websites. You'll discover what it takes to engage users on a personal level, and learn ways to monetize your venture.

Programming Social Applications introduces you to the open source tools used on many major social platforms, and explains how technologies such as OpenSocial, Apache Shindig, OAuth, OpenID, Caja, and others work together to help you solve practical issues. You'll also examine successful proprietary platforms to help you gain a comprehensive understanding of the Social Web's foundations.

  • Learn how to build viral applications with social data

  • Implement social web technologies using real-world examples

  • Work with OpenSocial to standardize social graphs—individual nodes and their relationships

  • Build a scalable OpenSocial application container with Apache Shindig

  • Develop comprehensive user authentication and authorization systems using OAuth and OpenID

  • Learn how Caja and ADsafe provide user security on social websites

  • Deal with bugs and other problems when implementing these technologies

  • Build distributed web frameworks that extend social graphs to include any social footprints users leave on the Web

Table of Contents

  1. Programming Social Applications
  2. Dedication
  3. Preface
    1. Audience
    2. Contents of This Book
    3. Using an Open Source Technology Stack
    4. Conventions Used in This Book
    5. Using Code Examples
    6. Safari® Books Online
    7. How to Contact Us
    8. Acknowledgments
  4. 1. Social Application Container Core Concepts
    1. What Is a Social Application Container?
      1. The User Profile
      2. User Friends and Connections
      3. The User Activity Stream
    2. Implementing Proprietary Versus Open Standards
      1. Proprietary Implementation
      2. Open Source Implementation
      3. Why This Book Covers Open Standards
    3. The Embedded Application: Building in a Black Box
    4. Embedded Application Security
      1. Cross-Site Scripting
      2. Same-Origin Policy and Older Browsers
      3. Drive-by Downloads
      4. Securing Applications
    5. The External Application: Integrating Social Data Outside the Container
    6. Application Views
      1. The Home View (Small View)
      2. The Profile View (Small View)
      3. The Canvas View (Large View)
      4. The Default View (Any View)
    7. Application Permission Concepts
    8. Client-Side Versus Server-Side Applications
      1. Using Template Systems for the Markup Layer
      2. Using a Blended Server and Client Environment
      3. Deferring the Loading of Noncritical Content
    9. When Good Applications Go Bad
      1. The Portable Flash Application
      2. The Underdeveloped View
      3. The Copycat View Application
      4. The Oversharing Application
      5. The Unmonetized Application
      6. The Feed Application
    10. Application Model Case Studies
      1. Case Study: Friendship-Based Social Gaming
        1. Understanding user targeting
        2. Building a relevant graph in the game
        3. Allowing connections to interact with one another in the game
        4. Providing clear benefits for actions taken in a game
        5. Integrating social channels through email, notifications, and activities
        6. Monetizing through the sale of virtual goods
      2. Case Study: Product Sales Applications
        1. It’s not all about games
        2. Taking an old idea and making it new
        3. Opening up discussions to get and provide feedback
        4. Gifting a service
      3. Case Study: Location-Based Applications
        1. Meeting friends
        2. Providing badges and points
        3. Offering competition (mayorships and leaderboards)
        4. Location- and profile-based ad targeting
        5. Offering promotions through local businesses
    11. Quick-Start Tips
      1. Understand Your Audience
      2. Build Social Integration Points Early
      3. Build with Monetization in Mind
      4. Create Comprehensive Views That Play Off One Another
  5. 2. Mapping User Relationships with the Social Graph
    1. The Online Social Graph
    2. Applying the Real-Life Social Graph Online
      1. Clustering Users Automatically
      2. Privacy and Security
      3. Establishing Trust
    3. Sharing Private User Data: Opt-in Versus Opt-out
      1. The Opt-in Sharing Model
      2. The Opt-out Sharing Model
    4. Understanding Relationship Models
      1. The Follower Model
        1. Example
        2. Privacy
      2. The Connection Model
        1. Example
        2. Privacy
      3. The Group Model
        1. Simple group model: User-defined groups
          1. Example
          2. Privacy
        2. Complex group model: Automatic clustering
          1. Example
          2. Privacy
    5. Relationships Versus Entities
    6. Building Social Relevance: Exploring the Facebook Social Graph
      1. Building Upon Real Identity
      2. Understanding the Viral Channels
      3. Building User Groups
      4. Avoiding Irrelevant Social Graphs
    7. Defining Entity Likes and Dislikes Through the OpenLike Protocol
      1. Integrating the OpenLike Widget
      2. How the Shared Likes Appear
    8. Conclusion
  6. 3. Constructing the Foundation of a Social Application Platform
    1. What You’ll Learn
    2. Apache Shindig
    3. Setting Up Shindig
      1. Installing Shindig on Mac OS X (Leopard)
        1. Requirements
      2. Installing Shindig on Windows
        1. Requirements
      3. Testing Your Shindig Installation
    4. Partuza
      1. Requirements
      2. Installing Partuza on Mac OS X (Leopard)
      3. Installing Partuza on Windows
      4. Testing the Partuza Installation
    5. The OpenSocial Gadget XML Specification
    6. Configuring Your Application with ModulePrefs
      1. Require/Optional
      2. Preload
      3. Icon
      4. Locale
      5. Link
    7. Defining User Preferences
      1. Enum Data Types
    8. Application Content
      1. Defining Content Views
        1. Creating a Content section
        2. Creating multiple Content sections
        3. Creating one Content section with multiple views
        4. Creating cascading Content sections
        5. Navigating between views
        6. Passing data between views
        7. Creating and working with subviews
        8. Defining error view states
      2. Inline Versus Proxy Content
    9. Putting It All Together
  7. 4. Defining Features with OpenSocial JavaScript References
    1. What You’ll Learn
    2. Including the OpenSocial Feature JavaScript Libraries
    3. Dynamically Setting the Height of a Gadget View
    4. Inserting Flash Movies in Your Gadget
    5. Displaying Messages to Your Users
      1. Creating a Message
        1. Dismissible messages
        2. Static messages
        3. Timer messages
      2. Positioning the Message Windows
        1. Positioning a single message
        2. Positioning all messages
      3. Styling the Message and Window
        1. Styling message content
        2. Styling a single message window
        3. Styling all displayed message windows
    6. Saving State with User Preferences
    7. Setting Your Gadget Title Programmatically
    8. Integrating a Tabbed Gadget User Interface
      1. The Basic Gadget
      2. Creating a Tab from Markup
      3. Creating a Tab from JavaScript
      4. Getting and Setting Information About the TabSet
        1. Aligning tabs
        2. Showing and hiding tabs
        3. Obtaining the parent container
        4. Obtaining the currently selected tab
        5. Obtaining all tabs
        6. Removing a tab
        7. Setting the selected tab
        8. Swapping tab positions
        9. Getting and setting information about a tab
        10. Getting the callback of a tab
        11. Obtaining the content container
        12. Obtaining the tab position
        13. Obtaining the tab name
        14. Obtaining the tab label
    9. Extending Shindig with Your Own JavaScript Libraries
    10. Putting It All Together
      1. Building the Gadget XML File
      2. Displaying the Gadget Using Shindig
  8. 5. Porting Applications, Profiles, and Friendships
    1. What You’ll Learn
    2. Evaluating OpenSocial Container Support
    3. Core Components of the OpenSocial Specification
      1. Core API Server Specification
      2. Core Gadget Container Specification
      3. Social API Server Specification
      4. Social Gadget Container Specification
      5. OpenSocial Container Specification
    4. Cross-Container Development and Porting
      1. Use a Blended Client-Server Environment
      2. Decouple Social Features from Mainstream Application Code
      3. Avoid Using Container-Specific Tags
    5. Porting Applications from Facebook to OpenSocial
      1. Employ iframes for Non-Social-Application Constructs
      2. Abstract Facebook Function Logic
      3. Separate Visual Markup from Programming Logic
      4. Use REST Endpoints, Not FQL
      5. Employ a Server-Side Heavy Code Implementation
    6. Personalizing Applications with Profile Data
      1. The Person Object
      2. Person Data Extraction Methods
        1. osapi.people.get
          1. Parameter list
          2. Example request
        2. osapi.people.getViewer
          1. Parameter list
          2. Example request
        3. osapi.people.getViewerFriends
          1. Parameter list
          2. Example request
        4. osapi.people.getOwner
          1. Parameter list
          2. Example request
        5. osapi.people.getOwnerFriends
          1. Parameter list
          2. Example request
      3. Fields Available Within the Person Object
        1. opensocial.Person.Field.ABOUT_ME
        2. opensocial.Person.Field.ACTIVITIES
        3. opensocial.Person.Field.ADDRESSES
        4. opensocial.Person.Field.AGE
        5. opensocial.Person.Field.BODY_TYPE
        6. opensocial.Person.Field.BOOKS
        7. opensocial.Person.Field.CARS
        8. opensocial.Person.Field.CHILDREN
        9. opensocial.Person.Field.CURRENT_LOCATION
        10. opensocial.Person.Field.DATE_OF_BIRTH
        11. opensocial.Person.Field.DRINKER
        12. opensocial.Person.Field.EMAILS
        13. opensocial.Person.Field.ETHNICITY
        14. opensocial.Person.Field.FASHION
        15. opensocial.Person.Field.FOOD
        16. opensocial.Person.Field.GENDER
        17. opensocial.Person.Field.HAPPIEST_WHEN
        18. opensocial.Person.Field.HAS_APP
        19. opensocial.Person.Field.HEROES
        20. opensocial.Person.Field.HUMOR
        21. opensocial.Person.Field.ID
        22. opensocial.Person.Field.INTERESTS
        23. opensocial.Person.Field.JOB_INTERESTS
        24. opensocial.Person.Field.JOBS
        25. opensocial.Person.Field.LANGUAGES_SPOKEN
        26. opensocial.Person.Field.LIVING_ARRANGEMENT
        27. opensocial.Person.Field.LOOKING_FOR
        28. opensocial.Person.Field.MOVIES
        29. opensocial.Person.Field.MUSIC
        30. opensocial.Person.Field.NAME
        31. opensocial.Person.Field.NETWORK_PRESENCE
        32. opensocial.Person.Field.NICKNAME
        33. opensocial.Person.Field.PETS
        34. opensocial.Person.Field.PHONE_NUMBERS
        35. opensocial.Person.Field.POLITICAL_VIEWS
        36. opensocial.Person.Field.PROFILE_SONG
        37. opensocial.Person.Field.PROFILE_URL
        38. opensocial.Person.Field.PROFILE_VIDEO
        39. opensocial.Person.Field.QUOTES
        40. opensocial.Person.Field.RELATIONSHIP_STATUS
        41. opensocial.Person.Field.RELIGION
        42. opensocial.Person.Field.ROMANCE
        43. opensocial.Person.Field.SCARED_OF
        44. opensocial.Person.Field.SCHOOLS
        45. opensocial.Person.Field.SEXUAL_ORIENTATION
        46. opensocial.Person.Field.SMOKER
        47. opensocial.Person.Field.SPORTS
        48. opensocial.Person.Field.STATUS
        49. opensocial.Person.Field.TAGS
        50. opensocial.Person.Field.THUMBNAIL_URL
        51. opensocial.Person.Field.TIME_ZONE
        52. opensocial.Person.Field.TURN_OFFS
        53. opensocial.Person.Field.TURN_ONS
        54. opensocial.Person.Field.TV_SHOWS
        55. opensocial.Person.Field.URLS
      4. Extending the Person Object
        1. Addresses (opensocial.Address)
        2. Body type (opensocial.BodyType)
        3. Email (opensocial.Email)
        4. Enum (opensocial.Enum)
        5. Name (opensocial.Name)
        6. Organization (opensocial.Organization)
        7. Phone (opensocial.Phone)
        8. Url (opensocial.Url)
      5. Capturing the User Profile
        1. Old method
        2. New method
    7. Using Friendships to Increase Your Audience
      1. Making a Request to Capture User Friendships
    8. Putting It All Together
      1. The Gadget Specification
      2. The Content Markup
      3. The JavaScript
      4. Running the Gadget
  9. 6. OpenSocial Activities, Sharing, and Data Requests
    1. What You’ll Learn
    2. Promoting Your Applications with OpenSocial Activities
      1. Personalizing an Application Experience by Consuming Activity Updates
      2. Driving Application Growth by Producing Activity Updates
        1. Pushing an activity to the user activity stream
        2. Setting an update priority
        3. Including visual media in an update
    3. Direct Sharing Versus Passive Sharing
      1. Direct Sharing
      2. Passive Sharing
      3. Balanced Sharing
    4. Making AJAX and External Data Requests
      1. Making Standard Data Requests
      2. Pushing Content with Data Requests
      3. Using Signed Requests to Secure a Data Connection
        1. Making a signed request
        2. Validating a signed request on the server
          1. Making the signed JavaScript request
          2. Validating the signed request on the server (RSA-SHA1 with public key certificate)
          3. Validating the signed request on the server (HMAC-SHA1)
    5. Putting It All Together
  10. 7. Advanced OpenSocial and OpenSocial Next
    1. What You’ll Learn
    2. Data Pipelining
      1. Data Request Types
        1. Container requests with <os:DataRequest>
        2. External data requests with <os:HttpRequest>
        3. People data requests with <os:PeopleRequest>
        4. Viewer and owner data requests with os:ViewerRequest and os:OwnerRequest
        5. Activity data requests with <os:ActivitiesRequest>
      2. Making Data Available to Proxied Data Requests
      3. Working with Pipelined Data on the Client
        1. Getting data objects
        2. Adding content to an existing data object
        3. Listening for changes to the data object
      4. Handling Errors Produced by the Data Pipe
      5. Dynamic Parameters
        1. Using values from UserPrefs and ViewParams as attributes
        2. Using values from a data pipe as attributes
    3. OpenSocial Templating
      1. A Different Approach to Markup and Data
        1. Dynamically creating the DOM nodes
        2. Building an InnerHTML string
        3. The OpenSocial templating approach
      2. Rendering Templates
        1. Automatic rendering
          1. Ensuring that data is available for a template prior to loading
          2. Rerendering templates with updated data sources
          3. Rendering data using custom tags
          4. Passing parameters through custom tags
      3. Expressions
      4. Special Variables
        1. Context
        2. Cur
          1. Explicitly setting the source of cur
        3. My
        4. Top
      5. Conditionals
        1. Method 1: Escaped values
        2. Method 2: Nonescaped values
        3. Rendering content on the existence of a value
      6. Looping Content
        1. Method 1: Escaped values
        2. Method 2: Nonescaped values
        3. Working with nested repeaters
        4. Specifying an index variable for the repeater
        5. Looping with context
        6. Looping with conditionals
      7. Marrying Data Pipelining and Templating
      8. Other Special Tags
        1. os:Html
        2. os:Render
      9. Template Libraries
        1. Creating a template library
        2. Loading template libraries
      10. JavaScript API
        1. Obtaining and processing the template
          1. Obtaining the template
          2. Processing the template
          3. Disabling templating autoprocessing
        2. Rendering the template
          1. Rendering the template to a variable
          2. Rendering the template to a DOM node
        3. A practical example
    4. A Few More Tags: The OpenSocial Markup Language
      1. Displaying a Person’s Name: os:Name
      2. Creating a Person Selector: os:PeopleSelector
      3. Display a Person’s Badge: os:Badge
      4. Loading External HTML: os:Get
    5. Localization Support with Message Bundles
    6. The OpenSocial REST API Libraries
      1. Which Libraries Are Available
    7. OpenSocial Next: Areas of Exploration
      1. Enterprise Containers
      2. Mobile Transitions
      3. Distributed Web Frameworks
    8. OpenSocial and Distributed Web Frameworks
      1. Activity Streams
        1. How would this change OpenSocial?
      2. PubSubHubbub
        1. How would this change OpenSocial?
      3. Salmon Protocol
        1. How would this change OpenSocial?
      4. Open Graph Protocol
        1. How would this change OpenSocial?
    9. Putting It All Together
  11. 8. Social Application Security Concepts
    1. What You’ll Learn
    2. Hosting Third-Party Code Through iframes
    3. A Secure Approach: The Caja Project
    4. Why Use Caja?
    5. Attack Vectors: How Caja Protects
      1. Redirecting Users Without Their Consent
      2. Mining a User’s Browser History
      3. Arbitrary Code Execution with document.createElement
      4. Logging the User’s Keystrokes
    6. Setting Up Caja
    7. Cajoling Scripts from the Command Line
      1. Cajoling HTML and JavaScript
        1. Running the cajoler
        2. The cajoled HTML
        3. The cajoled JavaScript
      2. Modifying the Cajoler Rendering Format
    8. Running Caja from a Web Application
    9. Running Caja with an OpenSocial Gadget
      1. Adding Caja to a Gadget
      2. A Practical Example
    10. Using JSLint to Spot JavaScript Issues Early
    11. Playing in the Caja Playground
    12. Tips for Working in a Caja Environment
      1. Implement Code Modularity: Don’t Cajole an Entire Project
      2. Use Precajoled JavaScript Libraries
      3. Don’t Rely on Firebug or the Cajoled JavaScript Source Code
      4. Don’t Embed Events in Markup
      5. Centralize JavaScript: Request Data and Markup Only
    13. A Lighter Alternative to Caja: ADsafe
    14. ADsafe Versus Caja: Which One Should You Use?
    15. How to Implement ADsafe
      1. Setting Up the ADSafe Object
      2. The DOM Object
      3. DOM Selection with the Query Method
        1. Working with pecker selectors
          1. Property selectors
          2. Attribute selectors
          3. State selectors
        2. Building advanced querying methods with hunter and pecker selectors
      4. Working with Bunch Objects
        1. Bunch GET methods
        2. Bunch SET methods
        3. Bunch miscellaneous methods
      5. Attaching Events
      6. Defining Libraries
    16. Putting It All Together
      1. The Data Source
      2. The Head: Script Includes and Styles
      3. The Body: Markup Layer
      4. The Body: JavaScript Layer
      5. The Final Result
    17. Conclusion
  12. 9. Securing Social Graph Access with OAuth
    1. Beyond Basic Auth
      1. Basic Auth Implementation: How It Works
      2. The Reasons Against Using Basic Authentication
        1. The client needs to store login information
        2. Having to send login information with every request
        3. Users can’t control or view which applications have their information
    2. The OAuth 1.0a Standard
      1. OAuth 1.0a Workflow
        1. Obtain a consumer key and secret
        2. Get the request token
        3. Get the user-verified request token
        4. Exchange the verified request token for an access token
      2. The End-User Experience
      3. Two-Legged Versus Three-Legged OAuth
        1. Implementing two-legged OAuth in JavaScript
          1. The includes
          2. Constructing the OAuth request URI
          3. Making and parsing the request
      4. Three-Legged OAuth Implementation Example
        1. Implementing OAuth 1.0a in PHP
          1. Common variables and functions
          2. Request token fetch and authorization forwarding
          3. Request token exchange and data requests
        2. Implementing OAuth 1.0a in Python
          1. Configuration file
          2. Common variables
          3. Fetching the request token and forwarding the user for authorization
          4. Token exchange and making authenticated private data requests
      5. Tools and Tips for Debugging Signature Issues
        1. Missing or duplicate parameters
        2. Double encoding the signature parameters
        3. Incorrect URI endpoints
        4. Invalid signature method
        5. Token expiration
    3. OAuth 2
      1. OAuth 2 Workflow
        1. Steps 1–2: Client requests authorization, and provider grants access
        2. Steps 3–4: Client requests access token, and provider grants access token
        3. Steps 5–6: Client requests protected resources, and provider grants protected resources
        4. Optional steps 7–8: Refreshing the access token
      2. Implementation Example: Facebook
        1. Creating your application
        2. Implementing OAuth 2 using PHP
          1. Common variables and functions
          2. Making the authorization request
          3. Obtaining the access token
          4. Making signed requests
        3. Implementing OAuth 2 using Python
          1. The App Engine configuration file
          2. Modules, common variables, and paths
          3. Obtaining authorization, acquiring the access token, and making requests
      3. Implementation Example: Requesting More User Information in the Facebook OAuth Process
        1. Data permissions
        2. Publishing permissions
        3. Page permissions
      4. Implementation Example: End-User Experience
      5. Tips for Debugging Request Issues
        1. Checking your request data
        2. Tracking access token expiration
        3. Responding to error codes
    4. Conclusion
  13. 10. The Future of Social: Defining Social Entities Through Distributed Web Frameworks
    1. What You’ll Learn
    2. The Open Graph Protocol: Defining Web Pages As Social Entities
      1. The Rise and Fall of Metadata
      2. How the Open Graph Protocol Works
      3. Implementing the Open Graph Protocol
        1. Defining page metadata
        2. Specifying geolocation data
        3. Specifying contact information
        4. Attaching video data
        5. Attaching audio data
        6. Defining products using object types
      4. A Real-World Example: The Facebook Open Graph
        1. The markup
      5. Practical Implementation: Capturing Open Graph Data from a Web Source
        1. PHP implementation: Open Graph node
        2. Python implementation: Open Graph node
      6. The Shortcomings of the Open Graph Protocol
        1. Inability to implement tiered definitions to differentiate similar objects
        2. Page versus object definitions
    3. Activity Streams: Standardizing Social Activities
      1. Why Do We Need to Define a Standard for Activities?
      2. Implementing Activity Streams
      3. Object Types
        1. General object types
      4. Verbs
        1. General verbs
    4. WebFinger: Expanding the Social Graph Through Email Addresses
      1. Finger to WebFinger: The Origin of WebFinger
      2. Implementing WebFinger
      3. The Shortcomings of the WebFinger Protocol
        1. Public data
        2. Provider implementation differences
    5. OExchange: Building a Social Sharing Graph
      1. How Does OExchange Work?
      2. The Uses of OExchange
      3. Implementing OExchange
        1. 1. Service provider (target) integrates discovery and publishing tools
        2. 2. Publisher (source) performs discovery on service provider
          1. Directly via the XRD file
          2. Through hostname discovery
          3. Through individual page discovery
        3. 3. Publisher sends content offer to service provider
    6. PubSubHubbub: Content Syndication
      1. How Does PubSubHubbub Work?
        1. 1. Subscriber polls publisher’s feed
        2. 2. Subscriber requests subscription to the publisher’s feed updates from the hub
        3. 3. Hub verifies subscriber and request
        4. 4. Publisher notifies hub of content updates
        5. 5. Hub shares new content with subscribers
      2. The Benefits: From Publishers to Subscribers
        1. Publisher: No repeated polling from multiple sources
        2. Subscriber: No need for repeated polling
        3. Publisher and subscriber: Identical content across multiple subscribers
      3. Hosted Hubs and Implementation Services
      4. Workflow Libraries
        1. Subscriber clients
        2. Publisher clients
      5. Building a Publisher in PHP
      6. Building a Publisher in Python
      7. Building a Subscriber in PHP
      8. Building a Subscriber in Python
    7. The Salmon Protocol: Unification of Conversation Entities
      1. The Salmon Protocol Workflow
        1. 1. Publisher pushes updated content to subscriber
        2. Subscriber pushes updated content back upstream to publisher
        3. Publisher pushes updated content to all subscribers
      2. Building on the Foundation of PubSubHubbub
      3. Abuse and Spam Protection
      4. Implementation Overview
    8. Conclusion
  14. 11. Extending Your Social Graph with OpenID
    1. The OpenID Standard
      1. Decentralization Is Key
      2. Improvement over Traditional Login
      3. Accessing the Existing Membership Database and Social Graph
    2. Do I Already Have an OpenID? How Do I Sign Up for One?
    3. The OpenID Authentication Flow
      1. Step 1: Request Login with OpenID Identifier
      2. Step 2: Perform Discovery to Establish the Endpoint URL
      3. Step 3: Request User Authentication
      4. Step 4: Provide Passed or Failed State
    4. OpenID Providers
    5. Bypassing Domain Discovery Errors in OpenID
    6. OpenID Extensions
      1. Simple Registration Extension
      2. Attribute Exchange Extension
        1. Attribute exchange types: Addresses
        2. Attribute exchange types: Audio and video greetings
        3. Attribute exchange types: Date of birth
        4. Attribute exchange types: Email
        5. Attribute exchange types: Images
        6. Attribute exchange types: Instant messaging
        7. Attribute exchange types: Name
        8. Attribute exchange types: Telephone
        9. Attribute exchange types: Websites
        10. Attribute exchange types: Work
        11. Attribute exchange types: Other personal details and preferences
      3. Provider Authentication Policy Extension
        1. Phishing-resistant authentication
        2. Multifactor authentication
        3. Physical multifactor authentication
        4. NIST assurance levels
      4. Extensions Currently Under Development
        1. OpenID user interface work group proposal
        2. Contract exchange
        3. OpenID and OAuth hybrid extension
    7. Implementation Example: OpenID
      1. Implementing OpenID Using PHP
        1. The discovery form
        2. The common includes, functions, and globals
        3. The authentication request
        4. The authentication callback
          1. Checking the OpenID authentication state
          2. Capturing values returned by Simple Registration
          3. Checking the PAPE policy states
          4. Capturing values returned by Attribute Exchange
      2. Implementing OpenID Using Python
        1. Getting the required OpenID library
        2. The markup file
        3. The discovery form
        4. The authentication request
          1. OpenID identifier discovery and request setup
          2. Setting up the OpenID extension requests
          3. Displaying the authentication login
          4. Printing messages and initiating program execution
        5. The authentication callback
          1. Completing authentication
          2. Capturing the return values of the OpenID extension requests
          3. Printing out our response objects
    8. Common Errors and Debugging Techniques
      1. Callback URL Mismatch
      2. Undiscoverable OpenID Identifier
    9. Conclusion
  15. 12. Delivering User-Centric Experiences with Hybrid Auth
    1. The OpenID OAuth Hybrid Extension
      1. Current Implementers
    2. When Should I Use OpenID Versus Hybrid Auth?
      1. Questions to Ask Yourself Before Choosing
        1. Does the provider I am working with support hybrid auth? Where can I find out?
        2. What information about the user am I trying to obtain?
      2. Pros and Cons: Standard OpenID
      3. Pros and Cons: Hybrid Auth
    3. The OpenID OAuth Hybrid Auth Flow
      1. Step 1–2: Perform Discovery (OpenID Steps 1–2)
      2. Step 3: Request User Authentication Permissions
      3. Step 4: Provide OpenID Approved/Failed State and Hybrid Extension Parameters
      4. Step 5: Exchange the Preapproved Request Token for an Access Token
      5. Step 6: Make Signed Requests for Privileged User Data
    4. Implementation Example: OpenID, OAuth, and Yahoo!
      1. Application Setup: Getting Your OAuth Keys for the Hybrid Auth Process
      2. Implementing Hybrid Auth Using PHP
        1. The discovery form
        2. The common includes, functions, and globals
        3. The authentication request
        4. The authentication callback
          1. Completing the OpenID process
          2. Checking the OpenID response and processing the Attribute Exchange data
          3. Turning the OpenID preapproved request token into an OAuth access token
          4. Making requests with the OAuth access token
      3. Implementing Hybrid Auth Using Python
        1. Library dependencies
          1. OpenID
          2. OAuth
        2. The markup file
        3. The request form
        4. Common variables
        5. The authentication request
          1. Performing discovery and building an OpenID consumer object
          2. Attaching extensions and OAuth hybrid parameters
          3. Helpful function and initialization
        6. The authentication callback
          1. Capturing response objects and preparing the OpenID consumer request object
          2. Completing the OpenID process and extracting the data
          3. Checking the OpenID status and obtaining the access token
          4. Making signed requests for protected user resources
    5. Conclusion
  16. A. Web Development Core Concepts
    1. A Brief Tour of Open Source Standards
      1. What Are the Benefits and Drawbacks of Using Open Source Standards?
        1. Benefits
        2. Drawbacks
      2. Are Open Source Standards the Solution to Everything?
    2. Web Service APIs
    3. HTTP Response Status Codes
    4. Understanding the Same-Origin Policy
      1. How Is Origin Determined?
      2. Bypassing the Same-Origin Policy Requirements
    5. REST Requests
      1. GET Request
      2. POST Request
      3. PUT Request
      4. DELETE Request
      5. HEAD Request
    6. Microformats and the Semantic Web
    7. Installing Subversion (SVN)
      1. Installing on Mac OS X
      2. Installing on Windows
    8. Installing Apache HTTP Server
      1. Installing on Mac OS X
      2. Installing on Windows
    9. Setting Up Your PHP Environment
      1. Installing on Mac OS X
      2. Installing on Windows
    10. Setting Up Your Python Environment
  17. Glossary
  18. Index
  19. About the Author
  20. Colophon
  21. Copyright