The issue is such that, we are hosting our own shindig container and a web application in one box. The web application uses signed fetch to render the gadgets and we are using the same codebase for the gadgets, deployed in public IP. When run within our web app using signed fetch, the verification was just fine as both shindig and web app resides in one box but the problem arouse when trying to use Oauth as I wanted my gadgets to be deployed in other opensocial containers like orkut and igoogle. Now based on your suggestion, am checking for remote address matching our public ip and if so am changing the ip in the request url. Now it works absolutely FINE. Thanks a lot :)
On Thu, Feb 11, 2010 at 9:54 PM, mat...@gmail <[email protected]> wrote: > You can replace hostname (or IP) included in signature base string before > signing it. > > On 2010/02/12, at 1:04, Vinod wrote: > > > I have a OAuth gadget running in orkut sandbox. I initially deployed > > my web app in a public ip machine and I had no issues in signature > > verification process. Now I have apache server running on a public IP > > machine and I have a rewrite rule applied to redirect requests to > > another server which is in the internal network. When orkut is signing > > the requests, it signs the request using my public ip, and when my > > app(Service Provider) is verifying the signature, it sees the URL with > > internal ip address and the signature verification fails. How to go > > about solving this issue. Please help me .... > > > > -- > > You received this message because you are subscribed to the Google Groups > "OAuth" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > [email protected] <oauth%[email protected]>. > > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] <oauth%[email protected]>. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
