O'Reilly logo

Programming Social Applications by Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Application Permission Concepts

Applications within a social application container do not automatically have access to a user’s social profiles, activity streams, and friendships—that would be a major security concern. Containers usually require that the application define the permission scopes it needs access to. As shown in Figure 1-8, these scopes will be requests that a user must agree to when installing the application.

An application permission screen

Figure 1-8. An application permission screen

Typically, social scopes are defined as major pieces of social information about a user, such as his:

  • Profile

  • Activity stream

  • Friendships

Each container may define different scopes or even include a number of nonsocial scopes that a container may gain access to. Once the user accepts the scopes, the container can do things on his behalf. For the three aforementioned social scopes, these things may respectively include:

  • Allowing the application to capture all information within the user’s profile.

  • Allowing the application to obtain any activities in the user’s activity stream and to push new activities to this stream on the user’s behalf.

  • Allowing the application to obtain the profiles for all of the user’s friends. Although those friends have not necessarily added the application, once a user declares that someone is his friend, it establishes a trust relationship, and applications capitalize on this. Essentially, the user trusts that friend with his personal information. When that friend in turn trusts an application with her information, there exists a trust “bridge” between the application and the friends. Some containers impose restrictions on how much social information can be obtained with these predefined trust relationships.

These scopes are usually secured through authorization mechanisms such as OAuth, which require that a user sign in through the container when he grants permissions to an application.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required