2-legged OAuth authorizes your app to access the information of anyone who
has installed your application on the container you are connecting to. This
style of authorization is best for background processing for an app which
runs inside of a social network.

3-legged OAuth allows users who have not installed your application on a
social network to grant access to their data to your application. This style
of authorization is best for websites which want to work with social data
but do not run applications inside of social networks.

So, just to give an idea about what you need to do, using 2-legged:

1- You need an opensocial app (web), which users need to install on their
profile;

2-  Ask users to give an identifier (email, username, etc). During this time
you must persist data on your server, sending the opensocial id +
identifier;

3- You can use REST or RPC to create your application. Ask user to give that
identifier and then you can grab opensocial id from your database;


from http://code.google.com/p/opensocial-php-client/wiki/HowToConnecting