Remote Function Calling
From The Socknet
Remote Function Calls allow a remote service or provider to send a user to his own provider with some data that should then be sent to a function on another provider.
Specification
See remote_function_call.
Common Example
A common example is friending:
- UserA visits UserB's profile.
- UserA wants to befriend UserB, so he clicks a button that says "Make Friends". UserB's provider calls remote_function_call on UserA's provider, passing it the function name "friend_request" and some relevant data.
- UserA is redirected to his own provider to verify that he wants to make friends.
- UserA clicks "Yes" and his provider calls request_friends on UserB's profile.
- UserA is redirected back to UserB's profile.
Example:
POST remote_function_call
{
  from: { ... UserB ... },
  target: { ... UserB ... },
  function: "friend-request",
  data: {
    ... data to pass on to friend-request ...
  },
  return: "http://providerB.com/UserB/profile"
}
->
{
  redirect: "http://providerA.com/UserA/verify/2353828385"
}
The data passed through should be verified with the user. In addition, it should be sanitized: the provider should ensure that only data fields which are expected are passed through. Fields which are unknown should be deleted. In fact, any fields may be deleted and dangerous XHTML may be cleaned up.
Considerations
This function can call any other function, so it is wise to use a white-list technique to ensure that no strange requests are made.
For example, there may be no reason for remote_function_call to call remote_function_call.
A provider should keep an eye on the logs of the requests that it refuses. The developer may wish to look up and begin supporting these functions.
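The sanitizing rule from the example section and the white-list and logging advice above, sketched in Python as an added example (not code from The Socknet specification). The field names `message` and `nickname`, the `Refused` exception and the `sanitize_call` helper are assumptions, and `html.escape` stands in for XHTML cleaning.

```python
import html
import logging
from collections import Counter

log = logging.getLogger("remote_function_call")

# Assumption: functions this provider accepts, with the data fields each expects.
ALLOWED_FUNCTIONS = {"friend-request": {"message", "nickname"}}
REQUIRED_KEYS = {"from", "target", "function", "data", "return"}
refused_functions = Counter()  # refused names, reviewed later by the developer


class Refused(Exception):
    """The request is rejected before the user is asked to verify anything."""


def sanitize_call(request):
    """Return the cleaned call to show the user for verification, or raise Refused."""
    missing = REQUIRED_KEYS - set(request)
    if missing:
        raise Refused(f"missing keys: {sorted(missing)}")
    function = request["function"]
    # White-list check; "remote_function_call" is not listed, so it cannot recurse.
    if not isinstance(function, str) or function not in ALLOWED_FUNCTIONS:
        name = str(function)[:64]
        refused_functions[name] += 1
        log.warning("refused function %r", name)  # %r escapes control characters
        raise Refused(f"function not allowed: {name!r}")
    data = request["data"]
    if not isinstance(data, dict):
        raise Refused("data must be an object")
    clean = {}
    for field in ALLOWED_FUNCTIONS[function] & set(data):
        value = data[field]
        if isinstance(value, str):  # unknown fields and non-string values are dropped
            clean[field] = html.escape(value)  # neutralise markup instead of cleaning it
    return {"function": function, "data": clean, "return": request["return"]}


if __name__ == "__main__":
    # Constructed sample request modelled on the page's friend-request example.
    sample = {
        "from": {}, "target": {}, "function": "friend-request",
        "data": {"message": "<script>x</script>hi", "is_admin": True},
        "return": "http://providerB.com/UserB/profile",
    }
    print(sanitize_call(sample))
```
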

