Making auth easier: OAuth 2.0 for Google APIs

One of the most exciting things about the architecture of the web is how easily it supports mashups—URLs, IFRAMEs, XHR, and more make it easy to build great new services on top of building blocks from others. As more and more people use the web for non-public data, we need new techniques to secure those building blocks. That’s where OAuth comes in—an open, standard way for users to grant permission for an application to access part of their account.

Since we announced support for OAuth in 2008, we’ve seen tremendous usage growth in our APIs that require user authorization, like Calendar and Docs. While the spec isn’t completely finalized, Google is pleased to announce our experimental support of an easier way for developers to obtain user authorization for our APIs: OAuth 2.0 with bearer tokens. Whether you use our updated client libraries or just write to the protocol, you should be able to do more with less code.

In addition to supporting a simplified protocol, we’re also introducing a simpler, cleaner consent page for OAuth 2.0:

Google believes in open systems that give users value, transparency and control. We hope the OAuth 2.0 protocol helps developers deliver just that: powerful applications that make use of user data without compromising on safety or security. Check out our documentation to get started with OAuth 2.0.

Wired Big Ideas for 2011: Chatitecture – Talking Buildings

We are pleased to say that in at number 24 of Wired Magazines ‘Big Ideas for 2011’ is Chatitecture, part of the Tales of Things project. Over the past 8 months a group of us have been developing technology to allow buildings to ‘talk’, to communicate their history, their architecture and the stories of people passing through.

Its simple to do, just sign up with Tales of Things, upload a image of your building of choice (under 2mb) and add a story. Your building will then go live and your be able to add it to the architecture group. If you want you can also print out a QRCode that you can stick to the building allowing anyone to scan the code and add to the story/history of the building via the free iPhone/Android apps.

Your building will also be able to ‘Tweet’ everytime it is scanned or a new comment/story added, it will also become part of the ‘World of Things’ map – a place to view all the objects added so far to the site.

The project team are working on ways to make the objects more location aware and aware of near by objects, it could be interesting over the next few months to see how this develops.

You can start tagging anything and everything via

Mixi’s new platform feature: "Apps for Touch"

We are happy to announce that a smart-phone platform has been launched on mixi Platform.

mixi Platform supports OpenSocial v0.8.1 and have executed applications for two devices “PC desktop” and “Japanese feature-phones” last year. The specification of our feature-phone platform has been proposed as the “OpenSocial WAP extension”, and this specification has been adopted by other platforms in Japan. If you would like to know more, please check the link below:

Recently, we have launched a new feature to mixi Platform. We call it “mixi apps for Touch”. The saturation level of smart-phones is currently increasing in Japan as many people already use the iPhone, and there are many release plans of smart-phones based on Android. Currently, 17 applications have already been launched as mixi apps for Touch, and these developers have attracted many users. The below image is the screenshot of one mixi application executed on the smart-phone. A single mixi application can support three devices — PCs, feature-phones and smrt-phones at same time.

Figure 1. Screenshots of mixi apps for Touch

Basically, mixi apps for Touch is a Web browser based application and is not a native iPhone/Android application which you download from an application market/store. Technically, the view name of mixi apps for Touch is “touch”, and the value of the type attribute is specified as “url”. This definition is written in gadget spec file with definitions for other devices. The below image is the architecture to describe mixi apps for Touch.

Figure 2. Architecture of mixi apps for Touch

The application is executed in the iframe placed on mixi’s page. One of mixi app’s features is that the domain in the iframe is not mixi’s domain, and is of the developer’s server. Therefore, application developers can generate the contents on his/her server similarly to developing a general web site.

Developers need the OpenSocial RESTful API to use social data, and a 2-legged OAuth is adopted to the authorization mechanism. On the other hand, when developers want to use APIs (invitation, posting activity, and etc) with a user-flow (need to show Popup window), a JavaScript file provided by mixi Platform is loaded by using a script tag. The function written in the script file calls the function which exists on the parent frame, and the user-flow will be executed. Of course, Payment and Ad programs are available for monetization (the Payment API is based on OpenSocial Virtual Currency API).

We believe that our platform will be able to bring OpenSocial more scaling to many devices. For more information, please visit our developer’s site “mixi Developer Center”.

For more information, please visit the mixi Developer Center.

Posted on behalf of Yoichiro Tanaka, mixi, Inc., by Mark Weitzel, President, OpenSocial Foundation