Approving an OpenSocial widget or Web widget configured for embedded experiences that has been added to the widget catalog consists of reviewing, approving and making the widget available as an embedded experience to client users. The widgets that provide client users with embedded experiences in IBM® Domino® must be and require some additional configuration.
Field | Description |
---|---|
URL (required field) | The URL pattern for the proxy. The URL can
include the wildcard character *, but only in its last path component.
For example, the URL may contain http://www.example.com/images/*.
However, http://www.example.com/*/images is
not valid. For example, this URL http://www.example.com/foobar/test/* is valid and matches http://www.example.com/foobar/test/test.jsp, or http://www.example.com/foobar/test/someOtherstuff. A proxy URL such as http://www.example.com/foobar/test* is not the same, and is not likely to match any target URLs. The URL may contain only the wildcard character. At runtime, the URL contained in the request made by the gadget is compared against each of the different proxy URLs for the gadget. When a match is found, the Actions, Headers, Cookies, and MIME type restrictions are applied to the request. |
Actions (required field) | Select one or more of these actions: GET, POST, PUT, DELETE, HEAD. Any action entered here is permitted for any request matching the URL. By default, no actions are permitted. |
Headers | Defines the headers that can to be added to
a request made from the gadget server. Headers are values sent by
a request to a server indicating how the request should be treated
and how the response should be returned. The HTTP specification defines
a number of headers as a standard. The token value [default] can now
be used instead of specifying the individual headers. Applications can add additional headers to the request. A gadget's request can include additional headers to be set. However, if those additional headers are not permitted by the proxy setting, then the headers are not allowed. If a request depends on additional headers, those headers must be defined. Use commas to separate individual entries in a list of headers. Follow the Internet specification for header names. Header names may contain a wildcard character (*) to match parts of names. For example, if the header name is MyH*, then both MyHeader and MyHome are permitted. If nothing is specified, the default set of headers containing Cache-Control, Pragma, User-Agent, Accept*, Content* is used. If an additional header is required, the header list must contain the desired default headers, as well as the required additional header. For example, to add client_secret to the list of headers, the field would contain Cache-Control, Pragma, User-Agent, Accept*, Content*,client_secret. The token value [default] can be used here to represent the default headers, so adding client_secret can also be done by specifying [default], client_secret. If the wildcard * is specified, all headers are permitted. To prevent any headers from being sent, add a single header name to the field, and do not include any default headers. For example, specify No_Headers to prevent all headers from being sent. Note The Set-Cookie header is handled separately using the Cookies field, and should not be specified in the Headers field. |
Cookies | Cookies are informational elements that transfer
data between client and server. Gadget requests may contain cookie
values that they desire to set. The Cookies field defines the set
of cookies allowed to be passed through the server. Use commas to separate multiple cookie names. Specify the full cookie name. No wildcard characters are permitted. |
MIME Types | Set limitations on the request/response style
specified with this field. Use commas to separate multiple values. The wildcard character (*) is permitted in the MIME types. An empty value, or a value of * permits all MIME types to be used. |
Field | Description |
---|---|
Application Id | URL to the OpenSocial widget's XML file. Domino supplies this value. |
Service Name | Domino supplies this value. |
OAuth Request Token URI | Domino supplies this value if the value is available
in the XML file. The value is specific to the OAuth service in use. If the field does not contain a value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
OAuth Access Token URI | Domino supplies the value in this field if the
value is available in the XML file. The value is specific to the OAuth
service in use. If the field does not contain a value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
*Consumer Key** | Part of the identification information used
for authenticating the server with the resource provider. This value
is obtained by means of a registration process with the resource provider. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
*Signature Method | The signature style used when generating requests
to a specific resource provider. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
*Consumer Secret** | Part of the identification information used
for authenticating the server with the resource provider. This value
is obtained by means of a registration process with the resource provider. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
Field | Description |
---|---|
Application Id | URL to the OpenSocial widget's XML file. Domino supplies this value. |
Service Name | Domino supplies this value. |
AllowModuleOverrides | True (default) or False Indicates whether or not URLs specified in the widget XML can be used. A value of true allows widget XML URLs to be used. A value of false will use only the URLs supplied from the database document. |
OAuth Authorization URL | Domino supplies this value if the value is available
in the XML file. The value is specific to the OAuth service in use. If the field does not contain a value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
OAuth Request Token URI | Domino supplies this value if the value is available
in the XML file. The value is specific to the OAuth service in use. If the field does not contain a value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
OAuth Access Token URI | Domino supplies this value if the value is available
in the XML file. The value is specific to the OAuth service in use. If the field does not contain a value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
*Consumer Key** | Part of the identification information used
for authenticating the server with the resource provider. This value
is obtained by means of a registration process with the resource provider. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
*Consumer Secret** | Part of the identification information used
for authenticating the server with the resource provider. This value
is obtained by means of a registration process with the resource provider. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
Client Type | To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
Grant Type | To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
ClientAuthorization Type | To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
UseAuthorizationHeader | True (default) or False UseAuthorizationHeader is set to True by default. The UseAuthorizationHeader setting indicates whether or not to include OAuth2 protocol content items as headers. At least one of the fields UseAuthorizationHeader or UseUrlParameter should be set to true. Including the OAuth2 protocol content items as headers only is more secure than using url parameters, especially when using HTTPS. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
UseUrlParameter | False (default) or True Indicates whether
or not to include OAuth2 protocol content items as URL parameters.
At least one of the fields UseAuthorizationHeader or UseUrlParameter should
be set to true.
Note: Including the OAuth2 protocol content items
as headers only is more secure than using url parameters, especially
when using HTTPS.
To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |
SharedTokens | False (default) or True Indicates whether or not an access token from a resource provider that matches the service name and consumer key can be used for multiple gadgets. To determine this value, check with the original provider of the gadget that was used to create the OpenSocial widget. |