Open Social is a standard for developing applications for social network sites that was introduced by Google. The standard was not welcomed with ecstatic applause; however, more and more social networks started to embrace it. It evolved over time, and today Open Social is supported by such big players as MySpace, Orkut or VZ network. Its main competitor is the framework used on Facebook, currently the biggest player on the market. The two share the same basic concepts and quite similar APIs, but they are not compatible.

The best way to get into OpenSocial development is to visit http://opensocial.org and browse the documentation and tutorials. It's easiest to get started with a simple HTML + JavaScript only application; however, sooner or later you'll need to make backend calls to your server and framework of choice. If you are like me, you won't choose PHP or Java for this task, but Ruby on Rails, Sinatra or just a custom Rack module.

To make your gadget load content from your backend server, you usually use the gadgets.io.makeRequest function, which is more or less equivalent to making a normal AJAX call in terms of usage and capabilities. It does it in a somewhat unexpected way, however. If you inspect such a call in a tool like Firebug, you'll see that the request wasn't sent to your server, but to the servers of the social network you are developing for. This is intended, and the Facebook API works in a very similar way. All requests first hit the servers of the social network, where they are parsed and additional information about the current viewer and owner (the person who has the gadget installed) is appended, along with a digital request signature. You can look into your Rails log file to see those.

The digital signature is important for verifying that requests are coming from the social network and that the viewer/owner parameters are genuine. It's up to you and your application to verify it, but you really should do that. To verify a signature made by the social network, you'll need the oauth gem and an OAuth key and secret. You should get those when subscribing as a developer for your social network or when you create a new gadget. For details, refer to the help of the individual network.

Basic verification of the signature should be as easy as this:

    valid = OAuth::Signature.verify(request, consumer: OAuth::Consumer.new(KEY, SECRET))
    raise "Invalid OAuth signature" unless valid

An exception is raised if the signature of the HTTP request is not valid, and you can continue otherwise.
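
What that check does under the hood, as an added example that is not code from the original post or from the oauth gem: it recomputes the OAuth 1.0 HMAC-SHA1 signature with Ruby's standard library and shows that changing a viewer parameter invalidates it. The secret, URL and parameter values are constructed, HMAC-SHA1 signing is an assumption about the network, and the timestamp freshness check is an addition the post does not mention.

```ruby
require 'openssl'

# RFC 5849 percent-encoding: only unreserved characters stay literal.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |ch| ch.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & base URL & sorted, encoded parameters.
# oauth_signature itself is never part of the signed data.
def signature_base_string(http_method, url, params)
  pairs = params.reject { |k, _| k == 'oauth_signature' }
                .map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                .sort
                .map { |k, v| "#{k}=#{v}" }
  [http_method.upcase, url, pairs.join('&')].map { |part| oauth_escape(part) }.join('&')
end

# Two-legged OAuth has no token secret, so the HMAC key ends with a bare "&".
def hmac_sha1_signature(http_method, url, params, consumer_secret)
  key = "#{oauth_escape(consumer_secret)}&"
  [OpenSSL::HMAC.digest('SHA1', key, signature_base_string(http_method, url, params))].pack('m0')
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only when the signature matches and the timestamp is recent.
def signed_request_valid?(http_method, url, params, consumer_secret, now: Time.now.to_i, max_skew: 300)
  return false unless params['oauth_signature_method'] == 'HMAC-SHA1'
  return false if (now - params['oauth_timestamp'].to_i).abs > max_skew
  expected = hmac_sha1_signature(http_method, url, params, consumer_secret)
  secure_equal?(params['oauth_signature'].to_s, expected)
end

# Constructed sample request: hypothetical secret, endpoint and parameter values.
SAMPLE_SECRET = 'example-consumer-secret'
SAMPLE_URL = 'https://backend.example.com/quiz'
SAMPLE_PARAMS = {
  'opensocial_owner_id' => '1001', 'opensocial_viewer_id' => '2002',
  'oauth_consumer_key' => 'example-key', 'oauth_nonce' => 'abc123',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1300000000'
}
SIGNED = SAMPLE_PARAMS.merge(
  'oauth_signature' => hmac_sha1_signature('GET', SAMPLE_URL, SAMPLE_PARAMS, SAMPLE_SECRET)
)
# Same request with the viewer id rewritten to the owner's id after signing.
TAMPERED = SIGNED.merge('opensocial_viewer_id' => '1001')
```

Because the viewer and owner ids are part of the signed base string, a backend that skips this check will trust whatever ids a client chooses to send.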

In this short series of articles, we are going to introduce you to OpenSocial application development with Rails, and we'll build a cool quizzes tool. Stay tuned!

Post by Hubert Łępicki

Hubert is a partner at AmberBit. Rails, Elixir and functional programming are his areas of expertise.