Imagine I want to create a Rock-paper-scissors game for Google Wave. I am going to implement it as a wave gadget.
The idea is simple: all participants send their solutions to my cloud app (an Appengine Java application); my part of the server collects this data and does not share it with anyone until all participants have completed their selection. After that, the choices will be shared with all participants, along with the winner.
I can use wave.getViewer().getId() to identify the user on the server at the time of the gadgets.io.makeRequest call. It works great. But how can I make sure on the server side that the incoming request is valid and from this particular wave user? (How can I tell that the wave participant identifier was not hacked on the client side? Is there any wave container signature that makes it possible to determine the wave participant identifier?)
What are the best methods for authenticating Google members on my appengine side? Give examples if possible.
My actual gadget is more complicated, but the problem is as described above.