Sachim, so you are saying that in the Orkut auth model the xoauth_requestor_id is allways required and it is being a part of the signature elements?
Regards, Carlos On 24 mayo, 13:26, Sachin Shenoy <[email protected]> wrote: > Hi Carlos, > > 2-legged oauth does not work like that. Even if you are not using @me and > are specifying the user-id, the authentication layer will fail. This is > because as per the 2-legged oauth scheme xoauth_requestor_id is required and > if not present we will fail. > > The sample I sent happened to have oauth_body_hash, but as I said you can > safely not have it. > > The details on how to compute the oauth_body_hash is present in the oauth > spec. It is a SHA1 hash taken over the body of the request (if body is not > present the hash is taken over empty string). Please look into the spec for > exact details. > > Regards, > Sachin > > On Mon, May 24, 2010 at 8:02 PM, Carlos <[email protected]> wrote: > > Sachin, I am not sending @me so the Orkut may resolve the ID from the > > URI as ID goes between pepollr/ID/@self. Second, your sample bsse > > string below shows both oauth_body_hash and xoauth_requestor_id, this > > casr is puzzling me.... > > > BTW I tested a GET requedt for people/id/@self sending the > > xoauth_requestor_id in the URI and also being part of the signature > > and got an invalid signature. > > > I wouldsay that to be consistent with this "trial and error" process, > > the better is that I should have at least tested with the > > oauth_body_hash that at the moment I havent implemented. Would you > > please send me pointers on how to compute this hash, or what are the > > elements that build the inpput to the hash? > > > Thanks, Carlos > > > On 24 mayo, 01:59, Sachin Shenoy <[email protected]> wrote: > > > Hi Carlos, > > > > If you are making a 2-legged oauth call, you can optionally avoid > > > oauth_body_hash. But you have to specify xoauth_requestor_id. That is the > > > only way we can know who the "viewer" of the request is. I would suggest > > > avoiding oauth_body_hash (at least for testing) since it is not > > mandatory. > > > > And yes, xoauth_requestor_id is mandatory and is part of the base string. > > > > Here is an example base string. > > > > POST&http%3A%2F%2Fsandbox.orkut.com > > > %2Fsocial%2Frpc&oauth_body_hash%3D5fhTk%2D%252FWn1nbtxMnN8yZzWk%252FyA%253D%26oauth_consumer_key%3Dorkut.com%253A60%26oauth_nonce%3D00232537%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274677016%26oauth_version%3D1.0%26xoauth_requestor_id%3D018512666316881006356 > > > > Thanks, > > > Sachin > > > > On Mon, May 24, 2010 at 4:46 AM, Prashant (Google) <[email protected]> > > wrote: > > > > Hi Carlos, > > > > > No, they're both not required and shouldn't be supplied. > > > > > ~Prashant > > > > > On May 23, 2:10 pm, Carlos <[email protected]> wrote: > > > > > Hi, I am getting "invalid signature" from my REST calls, so I wanted > > > > > to make sure if the signature is built from the oauth 1.0 parameters > > > > > and > > > > > - oauth_body_hash required or not, if true if it is part of the base > > > > > string > > > > > - xoauth_requestorr_id if required, if is part of the base string or > > > > > not > > > > > > Regards, Carlos > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Orkut Developer Forum" group. > > > > > To post to this group, send email to > > [email protected]. > > > > > To unsubscribe from this group, send email to > > > > [email protected]<opensocial-orkut%[email protected]> > > <opensocial-orkut%[email protected]<opensocial-orkut%[email protected]> > > > > > . > > > > > For more options, visit this group athttp:// > > > > groups.google.com/group/opensocial-orkut?hl=en. > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "Orkut Developer Forum" group. > > > > To post to this group, send email to [email protected] > > . > > > > To unsubscribe from this group, send email to > > > > [email protected]<opensocial-orkut%[email protected]> > > <opensocial-orkut%[email protected]<opensocial-orkut%[email protected]> > > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/opensocial-orkut?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > "Orkut Developer Forum" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > [email protected]<opensocial-orkut%[email protected]> > > . > > > For more options, visit this group athttp:// > > groups.google.com/group/opensocial-orkut?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Orkut Developer Forum" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<opensocial-orkut%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/opensocial-orkut?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Orkut Developer Forum" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/opensocial-orkut?hl=en. -- You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en.
