Hi StatusTeam ! Just wanted to let you know that I can now receive, and verify the signature, of incoming salmon slap from status.net to my node-ostatus lib ! The code needs some refactoring; but you can already have a look on this branch: https://github.com/eschnou/node-ostatus/tree/feature_salmon
However, I had two issues, mainly due to the salmon spec having evolved in the recent months and not reflected in statusnet today. Do you have any plans to update to the latest spec ? Otherwise I'll have to add special cases in my code and don't really favor that. 1. Padding is causing problems. It seems the base64 encoder in PHP does not behave like the node.js one, so that sometimes the armored string computed are different; sometimes not. This was tough to debug since it works from time to time. However, in the last release of the spec, it is required to strip all padding before doing any signature (for this exact reason I assume). If I hack the statusnet code (see below), then it works great every time. 2. You are using deprecated rel values, that is less of an issue but still confusing :-) 3. If a user has salmon links in his webfinger XRD, but also exposes an activity feed, the links are not discovered (the XRD is skipped) and searched inside the feed. For the base64, I changed your base64_url_encode function in MagicSig.php to strip the padding: public static function base64_url_encode($input) { return str_replace('=','',strtr(base64_encode($input), '+/', '-_')); } Next: me slapping you, hopefully it will be straightforward, and then time for a SWAT0 video :-) Cheers, Laurent
_______________________________________________ StatusNet-dev mailing list StatusNet-dev@lists.status.net http://lists.status.net/mailman/listinfo/statusnet-dev