In the example, it mention to use: params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
but this was changed to params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.OAUTH; Change it and tell me if it works, ill testing it in my environment too, but please let me know if changing that works. G.- On Tue, Jul 8, 2008 at 7:57 AM, Bartolome serapio <[EMAIL PROTECTED]> wrote: > Hi. > I'm using the follow example from orkut. > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig... > > //My php code that process the request is : > > > require_once("classes/CertFileAccessor.php"); > $payload = array(); > $cert_accessor = new CertFileAccessor('/var/www/certs', ''); > $cert = $cert_accessor- > > > > >getPublicKey($_REQUEST['xoauth_signature_publickey']); > > > if ($cert != null) { > > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url, > array_merge($_GET, $_POST)); > $sig = array( > OAuthUtil::urlencodeRFC3986($req- > > > >get_normalized_http_method()), > > > OAuthUtil::urlencodeRFC3986($req- > > >get_normalized_http_url()), > > > OAuthUtil::urlencodeRFC3986($req- > > >get_signable_parameters()), > > > ); > $raw = implode("&", $sig); > $signature = base64_decode($_GET["oauth_signature"]); > $publickeyid = openssl_get_publickey($cert); > $auth_ok = openssl_verify($raw, $signature, $publickeyid); > openssl_free_key($publickeyid); > } else { > $payload['cert'] = 'missing'; > } > > if ($auth_ok == true) { > $payload["validated"] = "Success! The data was validated"; > } else { > $payload["validated"] = "This request was spoofed"; > } > > > $payload["query"] = array_merge($_GET, $_POST); > $payload["rawpost"] = file_get_contents("php://input"); > > > //Return the response as JSON > print(json_encode($payload)); > > > http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut... > ( Class CertFileAccessor.php) > This is the application response (in a beauty mode :) ) > oauth_consumer_key: default > oauth_nonce: 8b7398e76ed1f712a42e00663831d451 > oauth_signature: e/ > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma > +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c= > > oauth_signature_method: RSA-SHA1 > oauth_timestamp: 1215172597 > oauth_token: > opensocial_appid: > opensocial_ownerid: > xoauth_signature_publickey: http://shindig/public.crt > > > throw 1; < don't be evil' >{"http:\/\/new2.ligamessenger.local\/ > profile.php":{"body":"\n{\"validated > > > \":\"This request was spoofed\",\"query\":{\"oauth_nonce\": > \"8b7398e76ed1f712a42e00663831d451\",\"oauth_timestamp > > > \":\"1215172597\",\"oauth_consumer_key\":\"default\",\"synd\":\"partuza > \",\"container\":\"partuza\", > > > \"opensocial_owner_id\":\"4\",\"opensocial_viewer_id\":\"4\", > \"opensocial_app_id\":\"22\",\"oauth_token > > > \":\"\",\"xoauth_signature_publickey\":\"http:\\\/\\\/shindig\\\/ > public.crt\",\"oauth_signature_method > > > \":\"RSA-SHA1\",\"oauth_signature\":\"e\\\/ > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma > > > +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c > > > > =\"},\"rawpost\":\"\"}","rc":200}} > > > Always obtain the same result > Could you help me? > svn version of Shindig : Updated to revision 674024. > svn version of partuza: Updated to revision 82 > >

