On Jul 24, 8:51 am, John Kristian <[email protected]> wrote:
> This is specified by http://oauth.net/core/1.0a#signing_process (look
> for 'Verifying Signature' for each of the signature methods).
> Software that implements it in several languages is available.
>
> For HMAC signature methods, you'll need the consumer secret and token
> secret (in addition to the request parameters).  I would guess the
> token secret is empty, but I'm not familiar with OpenSocial.
>
> Some fine points: don't include the oauth_signature in the signature
> base string.  Decode the other parameters and re-encode them into the
> signature base string.  Decode the oauth_signature and use the
> resulting binary value to verify the signature.
>
> On Jul 24, 7:55 am, jaap <[email protected]> wrote:
>
> > I'm creating an opensocial widget. The widget can make SIGNED requests
> > to an arbitrary url. The signing is done by the opensocial container.
> > The result is a request which is enriched with these attributes:
> > * opensocial_owner_id
> > * opensocial_viewer_id
> > * opensocial_app_id
> > * oauth_consumer_key
> > * oauth_token (empty)
> > * xoauth_signature_publickey
> > * oauth_signature_method
> > * oauth_nonce
> > * oauth_timestamp
> > * oauth_signature
>
> > I want to verify that the request is genuine. I think this should
> > be possible with the oauth signature and the public key, but I don't
> > know where I should begin!
> > Can someone please explain how I should verify the signature against
> > the request? It's probably somewhere in the oauth documentation but I
> > couldn't find it between all the other use cases of oauth (i.e.
> > requesting a token and using it).
>
>

In addition to the spec, the Editor's cut of the spec has very good
and detailed information about the signing process. I found it
extremely useful while implementing my provider.
http://oauth.googlecode.com/svn/spec/core/unofficial/1.0ec/drafts/1/spec.html

-cheers,
Manish
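
The verification steps from the quoted reply, as an added example that is not part of the thread or of any OAuth library: it covers only the HMAC-SHA1 case and applies the three fine points (drop oauth_signature, decode then re-encode the parameters, compare the decoded binary signature). The function names, URL, and secret are assumptions made for illustration, and the URL is assumed to be already normalized.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlencode

def pct(s):
    """OAuth 1.0 percent-encoding: only unreserved characters stay literal."""
    return quote(s, safe="-._~")

def base_string(method, url, params):
    """params are decoded (name, value) pairs; url is assumed already normalized."""
    # Fine point 1: oauth_signature itself is never part of the base string.
    # Fine point 2: re-encode the decoded names and values, then sort them.
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    # Key is both secrets joined by '&', even when the token secret is empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return hmac.new(key, text, hashlib.sha1).digest()

def verify_hmac_sha1(method, url, raw_query, consumer_secret, token_secret=""):
    # Decode the wire parameters; keep blanks so an empty oauth_token survives.
    params = parse_qsl(raw_query, keep_blank_values=True)
    sigs = [v for k, v in params if k == "oauth_signature"]
    if len(sigs) != 1:
        return False  # missing or duplicated signature
    try:
        # Fine point 3: compare the decoded binary value, not the base64 text.
        received = base64.b64decode(sigs[0], validate=True)
    except ValueError:
        return False
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, received)  # constant-time comparison

if __name__ == "__main__":
    # Constructed sample request; URL, consumer key and secret are made up.
    url, secret = "http://example.org/widget", "constructed-secret"
    params = [("opensocial_viewer_id", "viewer1"), ("oauth_consumer_key", "example"),
              ("oauth_token", ""), ("oauth_signature_method", "HMAC-SHA1"),
              ("oauth_nonce", "n0nce"), ("oauth_timestamp", "1248450000")]
    sig = base64.b64encode(sign_hmac_sha1("GET", url, params, secret)).decode()
    raw = urlencode(params + [("oauth_signature", sig)])
    print(verify_hmac_sha1("GET", url, raw, secret))
    print(verify_hmac_sha1("GET", url, raw.replace("viewer1", "viewer2"), secret))
```

An RSA signature method builds the same signature base string and checks the decoded signature against the signer's public key instead of recomputing an HMAC.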

