Hi, I don't know if its just me or if anyone is experiencing the same problems but I just cannot seem to validate signed requests when using AuthorizationType.SIGNED and MethodType.GET
i.e. setting params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED; params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.GET; The certificate I'm using is: -----BEGIN CERTIFICATE----- MIIDBDCCAm2gAwIBAgIJAK8dGINfkSTHMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEG A1UEChMKR29vZ2xlIEluYzEXMBUGA1UEAxMOd3d3Lmdvb2dsZS5jb20wHhcNMDgx MDA4MDEwODMyWhcNMDkxMDA4MDEwODMyWjBgMQswCQYDVQQGEwJVUzELMAkGA1UE CBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJ bmMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDQUV7ukIfIixbokHONGMW9+ed0E9X4m99I8upPQp3iAtqIvWs7XCbA bGqzQH1qX9Y00hrQ5RRQj8OI3tRiQs/KfzGWOdvLpIk5oXpdT58tg4FlYh5fbhIo VoVn4GvtSjKmJFsoM8NRtEJHL1aWd++dXzkQjEsNcBXwQvfDb0YnbQIDAQABo4HF MIHCMB0GA1UdDgQWBBSm/h1pNY91bNfW08ac9riYzs3cxzCBkgYDVR0jBIGKMIGH gBSm/h1pNY91bNfW08ac9riYzs3cx6FkpGIwYDELMAkGA1UEBhMCVVMxCzAJBgNV BAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUg SW5jMRcwFQYDVQQDEw53d3cuZ29vZ2xlLmNvbYIJAK8dGINfkSTHMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYpHTr3vQNsHHHUm4MkYcDB20a5KvcFoX gCcYtmdyd8rh/FKeZm2me7eQCXgBfJqQ4dvVLJ4LgIQiU3R5ZDe0WbW7rJ3M9ADQ FyQoRJP8OIMYW3BoMi0Z4E730KSLRh6kfLq4rK6vw7lkH9oynaHHWZSJLDAp17cP j+6znWkN9/g= -----END CERTIFICATE----- And the parameters I get in the request are: oauth_body_hash=<THE_HASH> oauth_consumer_key=www.google.com oauth_nonce=1250127641758620000 oauth_signature_method=RSA-SHA1 oauth_timestamp=1250127641 oauth_version=1.0 opensocial_app_id=<THE_ID> opensocial_app_url=<THE_URL> opensocial_owner_id=<THE_ID> opensocial_viewer_id=<THE_ID> xoauth_signature_publickey=pub.1210278512.2713152949996518384.cer oauth_signature=<THE_SIGNATURE> I've tried every combination I can think of to generate the signature base string. Which parameters should be included and how should this look: E.G: GET& <normalised url>& oauth_body_hash%3D<THE_HASH>%26 oauth_consumer_key%3Dwww.google.com%26 oauth_nonce%3D1250127641758620000%26 oauth_signature_method%3DRSA-SHA1%26 oauth_timestamp%3D1250127641%26 oauth_version%3D1.0%26 opensocial_app_id%3D<THE_ID>%26 opensocial_app_url%3D<THE_URL>%26 opensocial_owner_id%3D<THE_ID>%26 opensocial_viewer_id%3D<THE_ID>%26 xoauth_signature_publickey%3Dpub.1210278512.2713152949996518384.cer Is there anything else I need to be aware of when trying to verify the signed requests? Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en -~----------~----~----~----~------~----~------~--~---
