Thanks for your answer Gonzalo. I made these test with bad result
a) Change SIGNED to OAUTH in the request
b) add <Require feature="oauth"/>
c) change <Require feature="opensocial-0.7"/> to <Require
feature="opensocial-0.8"/>
throw 1; < don't be evil'
>{"http:\/\/new2.ligamessenger.local\/profile.php?nocache=1215536231101":{"oauthError"
:"BAD_OAUTH_CONFIGURATION","oauthErrorText":"gadget spec is missing
\/ModulePrefs\/OAuth section\n\n"
}}
Well I tested on shindig directly change my local.php and from partuza
On Tue, Jul 8, 2008 at 6:00 PM, Gonzalo Aune <[EMAIL PROTECTED]> wrote:
> In the example, it mention to use:
>
> params[gadgets.io.RequestParameters.AUTHORIZATION] =
> gadgets.io.AuthorizationType.SIGNED;
>
> but this was changed to
>
> params[gadgets.io.RequestParameters.AUTHORIZATION] =
> gadgets.io.AuthorizationType.OAUTH;
>
> Change it and tell me if it works, ill testing it in my environment
> too, but please let me know if changing that works.
>
> G.-
>
>
> On Tue, Jul 8, 2008 at 7:57 AM, Bartolome serapio <[EMAIL PROTECTED]>
> wrote:
>
> > Hi.
> > I'm using the follow example from orkut.
> > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
> >
> > //My php code that process the request is :
> >
> >
> > require_once("classes/CertFileAccessor.php");
> > $payload = array();
> > $cert_accessor = new CertFileAccessor('/var/www/certs', '');
> > $cert = $cert_accessor-
> >
> >
> >
> > >getPublicKey($_REQUEST['xoauth_signature_publickey']);
> >
> >
> > if ($cert != null) {
> >
> > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
> > array_merge($_GET, $_POST));
> > $sig = array(
> > OAuthUtil::urlencodeRFC3986($req-
> >
> >
> > >get_normalized_http_method()),
> >
> >
> > OAuthUtil::urlencodeRFC3986($req-
> >
> > >get_normalized_http_url()),
> >
> >
> > OAuthUtil::urlencodeRFC3986($req-
> >
> > >get_signable_parameters()),
> >
> >
> > );
> > $raw = implode("&", $sig);
> > $signature = base64_decode($_GET["oauth_signature"]);
> > $publickeyid = openssl_get_publickey($cert);
> > $auth_ok = openssl_verify($raw, $signature, $publickeyid);
> > openssl_free_key($publickeyid);
> > } else {
> > $payload['cert'] = 'missing';
> > }
> >
> > if ($auth_ok == true) {
> > $payload["validated"] = "Success! The data was validated";
> > } else {
> > $payload["validated"] = "This request was spoofed";
> > }
> >
> >
> > $payload["query"] = array_merge($_GET, $_POST);
> > $payload["rawpost"] = file_get_contents("php://input");
> >
> >
> > //Return the response as JSON
> > print(json_encode($payload));
> >
> >
> > http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
> > ( Class CertFileAccessor.php)
> > This is the application response (in a beauty mode :) )
> > oauth_consumer_key: default
> > oauth_nonce: 8b7398e76ed1f712a42e00663831d451
> > oauth_signature: e/
> > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
> >
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c=
> >
> > oauth_signature_method: RSA-SHA1
> > oauth_timestamp: 1215172597
> > oauth_token:
> > opensocial_appid:
> > opensocial_ownerid:
> > xoauth_signature_publickey: http://shindig/public.crt
> >
> >
> > throw 1; < don't be evil' >{"http:\/\/new2.ligamessenger.local\/
> > profile.php":{"body":"\n{\"validated
> >
> >
> > \":\"This request was spoofed\",\"query\":{\"oauth_nonce\":
> > \"8b7398e76ed1f712a42e00663831d451\",\"oauth_timestamp
> >
> >
> > \":\"1215172597\",\"oauth_consumer_key\":\"default\",\"synd\":\"partuza
> > \",\"container\":\"partuza\",
> >
> >
> > \"opensocial_owner_id\":\"4\",\"opensocial_viewer_id\":\"4\",
> > \"opensocial_app_id\":\"22\",\"oauth_token
> >
> >
> > \":\"\",\"xoauth_signature_publickey\":\"http:\\\/\\\/shindig\\\/
> > public.crt\",\"oauth_signature_method
> >
> >
> > \":\"RSA-SHA1\",\"oauth_signature\":\"e\\\/
> > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
> >
> >
> >
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c
> >
> >
> >
> > =\"},\"rawpost\":\"\"}","rc":200}}
> >
> >
> > Always obtain the same result
> > Could you help me?
> > svn version of Shindig : Updated to revision 674024.
> > svn version of partuza: Updated to revision 82
> >
> >
>