Folks,
Still I am not able to get answer to this question and I am really
frustrated here. I anyway have plan to move my application to facebook
but if this problem is not solved I will be left with no choice and
remove support for Orkut. Please note this is not threat but a
practical issue as any hacker can mess with my application data.
Please correct me if my understanding is wrong.
Thanks,
-Akash
(PS: I am ccing everybody I know in orkut developer team, sorry for
this spam)
On Nov 16, 1:56 pm, Akash <[email protected]> wrote:
> Hi Orkut Development team,
> It is almost one year now and I am not able to get the solution to
> this aurthentication problem. I am glad that you have provided sample
> codes of authentication for various server side languages. Since I am
> using .NET web service and there are no sample code for it I need the
> exact information of parameters used to generate the base signature.
>
> If somebody who is using some other server side language can share a
> sample of the parameters added to the request, generated base
> signature and signature that will be great help. I will use these
> parameters to verify my program.
>
> Thanks,
> -Akash
>
> On Nov 13, 2:50 pm,Akash<[email protected]> wrote:
>
>
>
> > Ping as the problem is not solved yet for me :(
>
> > On Nov 12, 3:20 pm,Akash<[email protected]> wrote:
>
> > > Hi Prashant,
> > > Thanks for looking into this issue. I have tried all libraries
> > > available hence the issue in unlikely in library. Can you please
> > > provide me following:-
>
> > > 1. List of parameters that are added to the post request by orkut
> > > proxy server to my post request (It is a soap request). A sample post
> > > request will all parameters.
> > > 2. What should be base signature URL for this sample request.
>
> > > I will feed above data into my code and it is works in my code. In
> > > case it does not work then the problem is in my code otherwise
> > > somewhere else.
>
> > > I just triedhttp://googlecodesamples.com/oauth_playground/will
> > > following parameters.
>
> > > URL:http://www.knownmarket.com/KMWeb/listingSvc.asmx
> > > outh_signature_method: RSA-SHA1
> > > outh_consumer_key: orkut.com
> > > POST Data:
>
> > > <?xml version="1.0" encoding="utf-8"?><soap12:Envelope
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > > xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> > > xmlns:soap12="http://www.w3.org/2003/05/soap-envelope";><soap12:Body><ListLocalities
> > > xmlns="KM"><cityId>14</cityId></ListLocalities></soap12:Body></
> > > soap12:Envelope>
>
> > > I get the response as
> > > ****
> > > Couldn't resolve host '<
> > > ****
>
> > > So let me know what else I can do. The server is not owned by me.
>
> > > Thanks,
> > > -Akash
>
> > > On Nov 12, 2:10 pm, "Prashant (Google)" <[email protected]> wrote:
>
> > > > HiAkash,
>
> > > > This being a POST request, it would be difficult to debug at our end
> > > > with only the currently available data.
>
> > > > But assuming that you're sending the right set of parameters that the
> > > > server expects and that you're encoding them correctly in your query
> > > > string, you may try generating the base string using some other OAuth
> > > > library, or give the online OAuth Playground a try
> > > > athttp://googlecodesamples.com/oauth_playground/.
>
> > > > Otherwise, if it's you who own the server as well, you may also want
> > > > to verify as an added measure that the server endpoint is using the
> > > > correct certificate too and calculating the correct signature
> > > > accordingly.
>
> > > > Those are some checkpoints that immediately come to mind. Please go
> > > > through them and let us know if anything gives.
>
> > > > Thanks,
> > > > Prashant.
>
> > > > On Nov 12, 12:04 am,Akash<[email protected]> wrote:
>
> > > > > Folks please help me in this issue.
>
> > > > > Thanks,
> > > > > -Akash
>
> > > > > On Nov 6, 5:50 pm,Akash<[email protected]> wrote:
>
> > > > > > Hi Robson,
> > > > > > Thanks a lot for the reply. I am still not able to get it
> > > > > > working :-
> > > > > > (. Please note I am using ASP.NET web services.
>
> > > > > > Here is my exact code snippet that I am using for proof of concept
> > > > > > for getting authentication working.
>
> > > > > > public string GenerateSignatureBase(Uri url, string
> > > > > > consumerKey, string consumerSecret, string token, string
> > > > > > tokenSecret,
> > > > > > string httpMethod, string timeStamp, string nonce, string
> > > > > > signatureType)
> > > > > > {
> > > > > > List<QueryParameter> parameters = new
> > > > > > List<QueryParameter>
> > > > > > ();
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk="));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("oauth_consumer_key","orkut.com"));
> > > > > > parameters.Add(new QueryParameter("oauth_nonce",
> > > > > > "1257504988478336000"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("oauth_signature_method","RSA-SHA1"));
> > > > > > parameters.Add(new QueryParameter("oauth_timestamp",
> > > > > > "1257504988"));
> > > > > > parameters.Add(new
> > > > > > QueryParameter("oauth_version","1.0"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("opensocial_app_id","07513949224686644859"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("opensocial_app_url","http://www.knownmarket.com/KMWeb/
> > > > > > KnownMarket.xml"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("opensocial_container","http://www.orkut.com";));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("opensocial_owner_id","04260157720044639260"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("opensocial_viewer_id","04260157720044639260"));
> > > > > > parameters.Add(new
> > > > > > QueryParameter("xoauth_public_key","pub.
> > > > > > 1199819524.-1556113204990931254.cer"));
> > > > > > parameters.Add(new QueryParameter
> > > > > > ("xoauth_signature_publickey","pub.
> > > > > > 1199819524.-1556113204990931254.cer"));
> > > > > > parameters.Add(new QueryParameter("oauth_token", ""));
>
> > > > > > parameters.Sort(new QueryParameterComparer());
>
> > > > > > string normalizedRequestParameters =
> > > > > > NormalizeRequestParameters(parameters);
>
> > > > > > StringBuilder signatureBase = new StringBuilder();
> > > > > > signatureBase.AppendFormat("{0}&", "POST");
> > > > > > signatureBase.AppendFormat("{0}&",
> > > > > > UrlEncode("http://www.knownmarket.com/KMWeb/listingSvc.asmx";));
> > > > > > signatureBase.AppendFormat("{0}", UrlEncode
> > > > > > (normalizedRequestParameters));
> > > > > > return signatureBase.ToString();
> > > > > > }
>
> > > > > > X509Certificate Cert =
> > > > > > X509Certificate.CreateFromCertFile
> > > > > > ( Request.PhysicalApplicationPath + "/bin/pub.
> > > > > > 1199819524.-1556113204990931254.cer");
> > > > > > RSACryptoServiceProvider Provider =
> > > > > > CertUtil.GetCertPublicKey(Cert);
> > > > > > OAuth.OAuthBase ba = new OAuthBase();
> > > > > > string baseString =
> > > > > > ba.GenerateSignatureBase(Request.Url,
> > > > > > Request.QueryString["oauth_consumer_key"], "", Request.QueryString
> > > > > > ["oauth_token"], "", Request.HttpMethod, Request.QueryString
> > > > > > ["oauth_timestamp"], Request.QueryString["oauth_nonce"],
> > > > > > "RSA-SHA1");
>
> > > > > > string signature =
> > > > > > "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/
> > > > > > wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/
> > > > > > 4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/
> > > > > > wyG3HK2GpOE=";
> > > > > > byte[] sign = Convert.FromBase64String(signature);
>
> > > > > > byte[] bstring = Encoding.UTF8.GetBytes(baseString);
> > > > > > Response.Write(Provider.VerifyData(bstring, "SHA1",
> > > > > > sign));
>
> > > > > > Thanks,
> > > > > > -Akash
>
> > > > > > On Nov 2, 1:29 am, Robson Dantas <[email protected]> wrote:
>
> > > > > > > Sorry, sent you the java version. Here is the link for .NET
>
> > > > > > >http://code.google.com/p/opensocial-net-client/
>
> > > > > > > Cheers
>
> > > > > > > Robson Dantas
>
> > > > > > > 2009/11/1 Robson Dantas <[email protected]>
>
> > > > > > > >Akash,
>
> > > > > > > > I dont know what kind of oauth lib you´re using, but i got some
> > > > > > > > problems
> > > > > > > > too, using the library which was described on
> > > > > > > > wiki.opensocial.org .
>
> > > > > > > > After spending some time debugging, figured out that it was a
> > > > > > > > problem on
> > > > > > > > the lib. Just tried another one, and worked. I´ve also updated
> > > > > > > > the wiki, so,
> > > > > > > > try to use this lib:
>
> > > > > > > >http://code.google.com/p/opensocial-java-client/
>
> > > > > > > > Let me know if it helps you.
>
> > > > > > > > Robson Dantas
>
> > > > > > > > 2009/10/28Akash<[email protected]>
>
> > > > > > > >> Not sure what was Ranjit's problem. My application is still
> > > > > > > >> having
> > > > > > > >> issues.
>
> > > > > > > >> On Oct 26, 9:38 pm, Ranjeet Gill <[email protected]> wrote:
> > > > > > > >> > Thanks its working now.
> > > > > > > >> > Ranjit
>
> > > > > > > >> > On Mon, Oct 26, 2009 at 4:11
> > > > > > > >> > AM,Akash<[email protected]>
> > > > > > > >> wrote:
>
> > > > > > > >> > > Yes checked and found certificate is not the issue.
>
> > > > > > > >> > > Any idea on after looking at the code whether it is fine?
>
> > > > > > > >> > > Thanks
>
> > > > > > > >> > > On Oct 13, 7:44 pm, "[email protected]"
> > > > > > > >> > > <[email protected]> wrote:
> > > > > > > >> > > > check your cetificate file. Be sure not to open or save
> > > > > > > >> > > > certificates
> > > > > > > >> > > > in wordpad etc use notepad
>
> > > > > > > >> > > > On Oct 10, 7:45 pm,Akash<[email protected]>
> > > > > > > >> > > > wrote:
>
> > > > > > > >> > > > > Hi,
> > > > > > > >> > > > > I am running into some issues regarding
> > > > > > > >> > > > > Authentication of my
> > > > > > > >> signed
> > > > > > > >> > > > > request. Validation of signed request always fails.
>
> > > > > > > >> > > > > For simplicity of debugging, Here are the list of
> > > > > > > >> > > > > parameters that
> > > > > > > >> I am
> > > > > > > >> > > > > using to generate base string
>
> > > > > > > >> > > > >
>
> ...
>
> read more »- Hide quoted text -
>
> - Show quoted text -
--
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=.
