[OpenSocial] Validating Signed Request with Java

Tue, 28 Apr 2009 06:59:41 -0700 

Hi,

I'm trying to validate a signed request, which is being generated from
LinkedIn , and that's hitting my app in one of my servers. I already
have the widget running (on a linkedin sandbox) and I can retrieve all
the data from my app running remotely, but of course I'll need, before
deploying this for general use, validate the request to avoid any kind
of hacking.

I have a certificate (X509) provided by Linkedin. I'M USING THE CODE
FROM THE VALIDATING REQUEST ARTICLE AND IT SIMPLY DOES NOT WORK
(http://wiki.opensocial.org/index.php?
title=Validating_Signed_Requests).

I've tried passing different parameters for the Provider and the
Cosumer object but neither work. This is code snippet where I'm
validating the request...

-------------------------------------
 OAuthServiceProvider provider = new OAuthServiceProvider(null, null,
null);

 OAuthConsumer consumer = new OAuthConsumer(null, "linkedin", null,
null);
 consumer.setProperty(RSA_SHA1.X509_CERTIFICATE, this.certificate);
 consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
 consumer.setProperty(OAuth.ENCODING, "ISO-8859-1");

// construct a OAuthMessage which contains all the http request data
OAuthMessage message = new HttpRequestMessage(request,
request.getRequestURL().toString());
OAuthAccessor accessor = new OAuthAccessor(consumer);
SimpleOAuthValidator validator = new SimpleOAuthValidator();

// validating it, this method MAY THROW AN OAuthProblemException in
case our request IS NOT VALID.
validator.validateMessage(message,accessor);
------------------------------------------

This is always throwing the exception for invalid request. I've been
stuck almost 1 month :-( .

CAN SOMEONE HELP ME? HAS SOMEONE BEEN ABLE TO MAKE THIS VALIDATION
WORK WITH OAUTH JAVA LIBRARY?


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to 
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to