||[May. 30th, 2005|03:56 am]
LiveJournal Client Discussions
I'm interested in making an AIM interface to LiveJournal. It would most likely be an AIM bot which you would IM posts to. The bot would run on someone's server... mine right now. (eventually LiveJournal's?)
Has anything like this been done before? If so, please let me know.
I'm interested in using PHP, Java, and MySQL. Joscar seems to be a good AIM library for Java. Does anyone know of a good Java - MySQL library? Is JDBC good?
Any suggestions, comments, etc will be appreciated!
The way I see it is roughly as follows. When you first contact the aim bot, it asks you for your LJ user name, at which point it pairs your AIM sn with your LJ username. The server running the bot, then asks LJ for you OpenID server, using the URL of some informational page of the bot on the same server. You then add that URL to your allowed list.
Then when you post, the server running the bot does the whole OpenID handshake pretending it's a browser.
The big issue which is not really covered, is that I don't think OpenID will be allowed to be used to post top level entries onto LJ. But it's not entierly clear what LJ will expose as a server. I want to ask brad
what exactly will be exposed when he comes to my local LUG (next week).
Granted I'm almost certainly missing something because having read the documentation a few times now, I don't see how it really works. But given that one of the things OpenID can do is allow meemes to access your protected and private entries and to have your protected and private entries show up in your RSS/Atom feed, I assume that if posting using an OpenID identitiy is allowed, than what I'm describing can be done.
err, what LJ will expose as a Client.
2005-06-02 10:44 pm (UTC)
Disclaimer: I understand the basic approach of OpenID etc., and have skimmed the docs, but the current docs are way too vague for me to pore over the details thereof. So I may not have this right.
At some point during that first-contact process, you have to sign into LJ with your password. That means you have to use a web interface to configure the AIM bot (which means this can't all be done over AIM) or you have to send it your password over AIM (which would be very bad.)
Also, I don't think the signed permission given to the bot by LJ would persist very long. As a security measure, usually these things time out pretty quickly. That means you'd have to go through the config process over and over.
You have to tell your OpenID server that the AIM bot is allowed (seeing as LJ will almost certainly be your server, you'd use the LJ interface, requiring a signon to the Web interface).
The LJ OpenID server already supports perment permision grant. Yes the bot will have to jump through the hoops all the time, but the user will not need to participate in the authentication.
Also you don't need to configure the AIM bot with a web interface, you can provide a link to the users OpenID authentication page inside the AIM conversation, when it is required.