Hello, I'm wondering, how does a signed request gets invalidated? I was trying to do a signed request without using either makeRequest or osapi.http.*, since I need to set a cookie for a different domain and the only way would be to make a direct http request to ths domain and make it return the appropriate Cookie headers. However, this cookie also sets a user, and (since a legacy part of the application that needs to be integrated with the gadget, still needs a session to get the current user and so, it uses the cookie with a session key), so it needs more than just a relation key (I relate the owner_id to the user, so I can find a user by opensocial_owner_id) for security reasons.
I have tried a proxied request, where I would make the signed request using osapi.http.get, and, using js, get the params and make the request to the url that is supposed to set the cookies without using the google proxy. However, I always get invalid signature in this case. In which part of the process the information gets invalidated? Thanks, Marcelo. -- You received this message because you are subscribed to the Google Groups "iGoogle Developer Forum" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/Google-Gadgets-API?hl=en.
