Hi Barry, Can you confirm that your getRsaKey() method is returning an appropriate (not null) private key? The exchangeForSessionToken method won't fail if there isn't really a key.
Paul On Wed, Apr 6, 2011 at 12:32 AM, barry <[email protected]> wrote: > Hi Paul, > > also maybe this will help you, > > i tried calling > String sessionToken = AuthSubUtil.exchangeForSessionToken("http", > "beta.lifeonkey.com", singleUseToken, getRsaKey()).ToString(); > > this doesn;t return an 401 error, it just returns null > > Thanks, > Barry > > On Apr 6, 8:26 am, barry <[email protected]> wrote: > > Hi Paul, > > > > It's still not working. same exception. I tried again with the oauth > > playground and its working perfectly. > > > > this is driving me crazy. > > > > Thanks, > > Barry > > > > On Apr 5, 9:33 pm, "Paul (Google)" <[email protected]> wrote: > > > > > Hi Barry, > > > > > I've tweaked your domain's entry in the H9 service directory. Could > you > > > give it another try? > > > > > Paul > > > > > On Tue, Apr 5, 2011 at 5:18 AM, barry <[email protected]> > wrote: > > > > Thanks Paul, > > > > Everything is working fine in the oauth playground now (I added the > > > > private key to the input) > > > > > > I'm still getting the error with exchangeForSessionToken > > > > > > I'm using the following code for getRSAkey() > > > > > > AsymmetricAlgorithm getRsaKey() > > > > { > > > > string fileName = > > > > ConfigurationManager.AppSettings["GoogleCert"]; > > > > > > X509Store store = new X509Store("My", > > > > StoreLocation.LocalMachine); > > > > store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); > > > > > > X509Certificate2 cert = > > > > store.Certificates.Find(X509FindType.FindBySubjectName, > > > > "beta.lifeonkey.com", false)[0]; > > > > > > RSACryptoServiceProvider privateKey = cert.PrivateKey as > > > > RSACryptoServiceProvider; > > > > return privateKey; > > > > } > > > > > > its called from the method: > > > > String sessionToken = > > > > AuthSubUtil.exchangeForSessionToken(singleUseToken, > > > > getRsaKey()).ToString(); > > > > where singleUseToken is the querystring["token"] returned from > > > > AuthSubUtil.getRequestUrl("https", "www.google.com", > > > > "/h9/authsub", reqUrl, "https://www.google.com/h9/ > > > > feeds/", true, true); > > > > > > thanks, > > > > > > Barry > > > > > > On Apr 5, 12:27 pm, barry <[email protected]> wrote: > > > > > also, when testing the certificate form manage accounts, it works > fine > > > > > > > On Apr 5, 8:58 am, barry <[email protected]> wrote: > > > > > > > > Hi Paul, > > > > > > thanks for the response. > > > > > > > > I only used the above as an example. the actual command i did for > > > > > > openssl is as follows: > > > > > > > > openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj > "/C=US/ > > > > > > ST=NY/L=New York/CN=beta.lifeonkey.com" -keyout myBetaKey.pem > -out > > > > > > myBetaCert.pem > > > > > > > > I uploaded the myBetaCert.pem to MyAccounts for the domain > > > > > > beta.lifeonkey.com > > > > > > > > when running the OAuth Playground I chose H9 for scope, RSA-SHA1 > for > > > > > > signature method, and beta.lifeonkey.com for consumer key > > > > > > > > the request/response is as follows: > > > > > > > > GET /accounts/OAuthGetRequestToken?scope=https%3A%2F% > 2Fwww.google.com > > > > > > %2Fh9%2Ffeeds%2F HTTP/1.1 > > > > > > Host:www.google.com > > > > > > Accept: */* > > > > > > Authorization: OAuth oauth_version="1.0", > > > > > > oauth_nonce="46089545738b1bf89a9b86899d7d28a2", > > > > > > oauth_timestamp="1301982083", oauth_consumer_key=" > beta.lifeonkey.com", > > > > > > oauth_signature_method="RSA-SHA1", > > > > > > oauth_signature="UQY9UkiQDtO3risyqBrAKSUbmc93p2o3tvYx7RQiVY15p > > > > > > %2B6r9pYqT4YPcgrEpdqhDNvePmJQzLgB6nwHlb9zkWeAyGsYu84r6yj > > > > > > > %2BUjmWUucL0T8LjAhoz4wQLPAX3xq3q9B28HSMuJNMyBJrLjKAVRY7TNyvE3RhH9Jm > > > > > > %2B5JV%2F88%3D" > > > > > > > > HTTP/1.1 400 Bad Request > > > > > > Content-Type: text/plain; charset=UTF-8 > > > > > > Date: Tue, 05 Apr 2011 05:41:23 GMT > > > > > > Expires: Tue, 05 Apr 2011 05:41:23 GMT > > > > > > Cache-Control: private, max-age=0 > > > > > > X-Content-Type-Options: nosniff > > > > > > X-XSS-Protection: 1; mode=block > > > > > > Content-Length: 343 > > > > > > Server: GSE > > > > > > > > signature_invalid > > > > > > base_string:GET&https%3A%2F%2Fwww.google.com%2Faccounts > > > > > > %2FOAuthGetRequestToken&oauth_consumer_key%3Dbeta.lifeonkey.com > > > > > > %26oauth_nonce > > > > > > > %3D46089545738b1bf89a9b86899d7d28a2%26oauth_signature_method%3DRSA- > > > > > > SHA1%26oauth_timestamp%3D1301982083%26oauth_version%3D1.0%26scope > > > > > > %3Dhttps%253A%252F%252Fwww.google.com%252Fh9%252Ffeeds%252F > > > > > > > > I don't understand why the signature is invalid. > > > > > > What am i missing??? > > > > > > > > Thanks, > > > > > > Barry > > > > > > > > On Apr 5, 5:00 am, "Paul (Google)" <[email protected]> wrote: > > > > > > > > > Hi Barry, > > > > > > > > > In case you haven't obfuscated your actual domain name in the > openssl > > > > > > > command you posted, you need to ensure that the CN in your > > > > certificate and > > > > > > > the domain you supply as part of the "next" URL when making the > > > > request for > > > > > > > the single-use token match. > > > > > > > > > To test that your certificate has been uploaded correctly to > the > > > > Manage > > > > > > > Domains tool and that it matches your private key, you can use > the > > > > OAuth > > > > > > > Playground. > > > > > > > > >http://googlecodesamples.com/oauth_playground/ > > > > > > > > > In step 2, you can provide your own private key. The > > > > oauth_consumer_key is > > > > > > > the CN from your certificate. Otherwise, you can the default > values > > > > for the > > > > > > > other settings. > > > > > > > > > Let us know how it goes! > > > > > > > > > Paul (Google) > > > > > > -- > > > > You received this message because you are subscribed to the Google > Groups > > > > "Google Health Developers" group. > > > > To post to this group, send email to > > > > [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]. > > > > For more options, visit this group at > > > >http://groups.google.com/group/googlehealthdevelopers?hl=en. > > > > > -- > > > Developer Programs Engineer > > > Google Health > > > [email protected] > > -- > You received this message because you are subscribed to the Google Groups > "Google Health Developers" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/googlehealthdevelopers?hl=en. > > -- Developer Programs Engineer Google Health [email protected] -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
