In the example, it mention to use:

params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.SIGNED;

but this was changed to

params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.OAUTH;

Change it and tell me if it works, ill testing it in my environment
too, but please let me know if changing that works.

G.-


On Tue, Jul 8, 2008 at 7:57 AM, Bartolome serapio <[EMAIL PROTECTED]> wrote:

> Hi.
> I'm using the follow example from orkut.
> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
>
> //My php code that process the request is :
>
>
> require_once("classes/CertFileAccessor.php");
> $payload = array();
>   $cert_accessor = new CertFileAccessor('/var/www/certs', '');
>   $cert = $cert_accessor-
>
>
>
> >getPublicKey($_REQUEST['xoauth_signature_publickey']);
>
>
>   if ($cert != null) {
>
>       $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
> array_merge($_GET, $_POST));
>       $sig = array(
>         OAuthUtil::urlencodeRFC3986($req-
>
>
> >get_normalized_http_method()),
>
>
>         OAuthUtil::urlencodeRFC3986($req-
>
> >get_normalized_http_url()),
>
>
>         OAuthUtil::urlencodeRFC3986($req-
>
> >get_signable_parameters()),
>
>
>       );
>       $raw = implode("&", $sig);
>    $signature = base64_decode($_GET["oauth_signature"]);
>    $publickeyid = openssl_get_publickey($cert);
> $auth_ok = openssl_verify($raw, $signature, $publickeyid);
>  openssl_free_key($publickeyid);
>   } else {
>      $payload['cert'] = 'missing';
>   }
>
>   if ($auth_ok == true) {
>   $payload["validated"] = "Success! The data was validated";
>  } else {
>   $payload["validated"] = "This request was spoofed";
>  }
>
>
>  $payload["query"] = array_merge($_GET, $_POST);
>  $payload["rawpost"] = file_get_contents("php://input");
>
>
>  //Return the response as JSON
>  print(json_encode($payload));
>
>
> http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
> ( Class CertFileAccessor.php)
> This is the application response (in a beauty mode :) )
> oauth_consumer_key: default
> oauth_nonce: 8b7398e76ed1f712a42e00663831d451
> oauth_signature: e/
> dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSW­kLu1qV5ROxMgiq8kqUzBWAp2c=
>
> oauth_signature_method: RSA-SHA1
> oauth_timestamp: 1215172597
> oauth_token:
> opensocial_appid:
> opensocial_ownerid:
> xoauth_signature_publickey: http://shindig/public.crt
>
>
> throw 1; < don't be evil' >{"http:\/\/new2.ligamessenger.local\/
> profile.php":{"body":"\n{\"validated
>
>
> \":\"This request was spoofed\",\"query\":{\"oauth_nonce\":
> \"8b7398e76ed1f712a42e00663831d451\",\"oauth_timestamp
>
>
> \":\"1215172597\",\"oauth_consumer_key\":\"default\",\"synd\":\"partuza
> \",\"container\":\"partuza\",
>
>
> \"opensocial_owner_id\":\"4\",\"opensocial_viewer_id\":\"4\",
> \"opensocial_app_id\":\"22\",\"oauth_token
>
>
> \":\"\",\"xoauth_signature_publickey\":\"http:\\\/\\\/shindig\\\/
> public.crt\",\"oauth_signature_method
>
>
> \":\"RSA-SHA1\",\"oauth_signature\":\"e\\\/
> dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
>
>
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSW­kLu1qV5ROxMgiq8kqUzBWAp2c
>
>
>
> =\"},\"rawpost\":\"\"}","rc":200}}
>
>
> Always obtain the same result
> Could you help me?
> svn version of Shindig :  Updated to revision 674024.
> svn version of partuza: Updated to revision 82
>
>

Reply via email to