Help documentation

ThoughtWorks Studios products use the OpenSocial gadget stack to provide UI integrations. This provides a secure, standards-based platform for displaying one application's content in another application. Part of this infrastructure is that Mingle is itself an OpenSocial gadget rendering server. That is, it's possible to display most any Open Social gadget in Mingle using Mingle's OpenSocial gadget macro. For the most part, a gadget is simply a piece of content from another application, such as a weather forecast map or a Go pipeline status indicator. If you use iGoogle and have customized your home page, you have worked with OpenSocial gadgets.

Out of the box, most gadgets are publicly available content that do not require authentication and authorization. However, some gadgets, such as those published by the ThoughtWorks Studios products Mingle and Go, do require authorization. To accomplish this, Mingle's gadget rendering server supports OAuth 2.0 services. If gadget content can be securely accessed via OAuth 2.0, Mingle will be able to render that content. If the gadget content is secured through some other means, Mingle will not be able to display that gadget.

Enabling Mingle for OAuth 2.0 enabled gadgets does require the Mingle administrator to take extra configuration steps.

A gadget rendering server with OAuth 2.0 capabilities similar to what Mingle provides would be capable of showing ThoughtWorks Studios gadgets. That is, if iGoogle were to start supporting OAuth 2.0 in conjunction with its gadget support, and your Mingle instance was on a public server, it would be possible to display ThoughtWorks Studios gadgets on your home page. This is not currently possible so look for more on this from us in the future.

OAuth is an open-standard that enables a user to share private protected resources, e.g. photos or financial records, which she stores on one site or application with another one of her commonly used sites or applications without asking her to share any passwords between the two sites. OAuth is quickly becoming a widely adopted standard, with implementers including Yahoo, Facebook and Twitter.

In the context of ThoughtWorks Studios applications the private protected resources are the data. For example, if someone had configured Mingle and Go integration, a Mingle user will only be allowed to see Go Pipelines in Mingle that he would normally be allowed to see in Go. That is, when Mingle show's Go data in its pages, the Go authorization rules are not relaxed to allow all members of that Mingle project to automatically see the pipeline. The same can be said when Go shows Mingle data in its pages. It should also be possible to maintain this principle when showing Mingle or Go content in a 3rd party, non-ThoughtWorks Studios context.

In order to make this work, Mingle and Go (and in the future all Studios server-based applications) use OAuth 2.0 (v9) as a means of allowing a user of one application to establish his identity in the other application, while also granting the privilege of data access on his behalf. Both applications are OAuth providers. Both applications run a gadget rendering server capable of acting as an OAuth client. Currently, OAuth is only used for gadget-related communication, but we plan on expanding what data can be made available via OAuth in the future.

Below is a series of movies we've made that explain how OAuth works. Part 1 covers the basics and is likely enough for most users. Parts 2-4 get into the more technical details of how the protocol works.