The http://scratch.mit.edu/api/authenticateuser API defined in http://trac.assembla.com/scratchr/brows … roller.php may cause privacy problems and confusion, as giving Scratch credentials to another person may cause hacking. So I think that instead of signing in on the website where the API is being used, it would redirect to a Scratch page, which is given parameters about what APIs the website wants, where the user can grant/decline access to the API(s) the website needs, and then the website would get a token to use to get the API response.
You could use OpenID for login stuff.
Proposed parameter(s)
apis - An array of the APIs that the website wants
Proposed APIs
loggedinscratcher - Returns the username of the currently logged in scratcher
emailaddress - Returns the email address of the currently logged in scratcher
More coming soon!
Returns false when access is declined.
Example
A request to:
http://scratch.mit.edu/api/authenticateuser?apis=loggedinscratcher
returns a token. Let's imagine it's aa000. You can then go to
http://scratch.mit.edu/api/loggedinapis?token=aa000
which returns
comp500
because I specified the loggedinscratcher API in the first URL.
Suggestion here.
Last edited by comp500 (2011-07-09 12:15:02)
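The flow proposed in the post above, modelled in memory as an added example (not part of the original post and not Scratch's code). The `ConsentServer` class, the `session_user` and `user_approves` parameters, the `revoke` method and the dictionary return shape are hypothetical; only the endpoint and API names come from the post, and the account data is constructed.

```python
import secrets

# Constructed sample account; the e-mail address is a placeholder.
USERS = {"comp500": {"emailaddress": "comp500@example.org"}}
# API names taken from the post; each maps a username to the value returned.
KNOWN_APIS = {
    "loggedinscratcher": lambda user: user,
    "emailaddress": lambda user: USERS[user]["emailaddress"],
}


class ConsentServer:
    """Models the Scratch-side pages; the requesting site never sees a password."""

    def __init__(self):
        self._grants = {}  # token -> (username, frozenset of granted API names)

    def authenticateuser(self, apis, session_user, user_approves):
        """Consent step: session_user is whoever is logged in on Scratch itself."""
        requested = set(apis)
        if not requested or not requested.issubset(KNOWN_APIS):
            raise ValueError("unknown or empty api list")
        if session_user not in USERS or not user_approves:
            return False  # the post: "Returns false when access is declined."
        token = secrets.token_urlsafe(32)  # unguessable, unlike the post's 'aa000'
        self._grants[token] = (session_user, frozenset(requested))
        return token

    def loggedinapis(self, token):
        """Redeem a token: answer only the APIs the user actually granted."""
        grant = self._grants.get(token)
        if grant is None:
            return False
        user, apis = grant
        return {name: KNOWN_APIS[name](user) for name in sorted(apis)}

    def revoke(self, token):
        """Withdraw a grant so a leaked token stops working."""
        self._grants.pop(token, None)


if __name__ == "__main__":
    server = ConsentServer()
    token = server.authenticateuser(["loggedinscratcher"], "comp500", True)
    print(server.loggedinapis(token))
    server.revoke(token)
    print(server.loggedinapis(token))
```

The token is bound to the set of APIs the user approved, so a site that asked only for `loggedinscratcher` cannot use the same token to read `emailaddress`.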