On the browser / javascript side I have:
var params = {};
params[gadgets.io.RequestParameters.CONTENT_TYPE] =
gadgets.io.ContentType.JSON;
params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.SIGNED;
params[gadgets.io.RequestParameters.METHOD] =
gadgets.io.MethodType.POST;
params[gadgets.io.RequestParameters.POST_DATA] =
'contributor=ag9hc3RvdW5kbGVhcm5pbmdyEQsSCkN1c3RvbVVzZXIY_Q0M&contributor=ag9hc3RvdW5kbGVhcm5pbmdyEQsSCkN1c3RvbVVzZXIYvA0M
&contributor=ag9hc3RvdW5kbGVhcm5pbmdyEQsSCkN1c3RvbVVzZXIYvw0M&contributor=ag9hc3RvdW5kbGVhcm5pbmdyEQsSCkN1c3RvbVVzZXIYlw4M
&setKey=ag9hc3RvdW5kbGVhcm5pbmdyDwsSCFN0dWR5U2V0GO0NDA';
var callback = function(){};
var url = 'http://kdoan.dyndns.org/ajax/adContributor.json';
gadgets.io.makeRequest(url,callback,params);
On the server (python, GAE), I have:
def _isValidSignature(self):
publicKeys = {}
publicKeys['www.google.com'] =
"""0x00d0515eee9087c88b16e890738d18c5bdf9e77413d5f89bdf48f2ea4f429de202da88bd6b3b5c26c06c6ab3407d6a5fd634d21ad0e514508fc388ded46242cfca7f319639dbcba48939a17a5d4f9f2d838165621e5f6e1228568567e06bed4a32a6245b2833c351b442472f569677ef9d5f39108c4b0d7015f042f7c36f46276d"""
public_key_str = publicKeys[consumerKey]
public_key_long = long(public_key_str, 16)
public_key = RSA.construct((public_key_long, exponent))
# Rebuild the message host locally
oauth_request = oauth.OAuthRequest(http_method =
self.request.method,
http_url=self.request.url,
parameters=self.request.params.mixed())
message = '&'.join((oauth.escape
(oauth_request.get_normalized_http_method()),
oauth.escape(oauth_request.get_normalized_http_url()),
oauth.escape(oauth_request.get_normalized_parameters
()),))
local_hash = hashlib.sha1(message).digest()
# Apply the public key to the signature from the remote
host
sig = base64.decodestring(urllib.unquote
(self.request.params.mixed()["oauth_signature"]))
remote_hash = public_key.encrypt(sig,'')[0][-20:]
# Verify that the locally-built value matches the value
from the remote server.
if local_hash == remote_hash:
return True
else:
logging.info('Either oauth_consumer_key: ' +
consumerKey + ' does not exist in publicKeys or the container changed
its public key' + "\n")
return False
This code is modified from
http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App_with_Google_App_Engine#Sending_and_verifying_signed_requests
My POST data is constructed from a form which include multiple
checkboxes with the same name being 'contributor'. If I only select
one checkbox, everything works fine. If I select multiple checkboxes,
then my _isValidSignature method return False. What am I doing wrong?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"iGoogle Developer Forum" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/Google-Gadgets-API?hl=en
-~----------~----~----~----~------~----~------~--~---
