My mistake, the type was fine, OAUTH replaces AUTHORIZATION, so its fine
with SIGNED, let me fully check the example and i let you know.
G.-
On Tue, Jul 8, 2008 at 2:05 PM, Bartolome Serapio <[EMAIL PROTECTED]> wrote:
> Thanks for your answer Gonzalo. I made these test with bad result
>
> a) Change SIGNED to OAUTH in the request
> b) add <Require feature="oauth"/>
> c) change <Require feature="opensocial-0.7"/> to <Require
> feature="opensocial-0.8"/>
>
>
>
>
> throw 1; < don't be evil'
>
> >{"http:\/\/new2.ligamessenger.local\/profile.php?nocache=1215536231101":{"oauthError"
>
> :"BAD_OAUTH_CONFIGURATION","oauthErrorText":"gadget spec is missing
> \/ModulePrefs\/OAuth section\n\n"
>
> }}
>
>
> Well I tested on shindig directly change my local.php and from partuza
>
>
>
>
>
>
> On Tue, Jul 8, 2008 at 6:00 PM, Gonzalo Aune <[EMAIL PROTECTED]>
> wrote:
>
> > In the example, it mention to use:
> >
> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.SIGNED;
> >
> > but this was changed to
> >
> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.OAUTH;
> >
> > Change it and tell me if it works, ill testing it in my environment
> > too, but please let me know if changing that works.
> >
> > G.-
> >
> >
> > On Tue, Jul 8, 2008 at 7:57 AM, Bartolome serapio <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Hi.
> > > I'm using the follow example from orkut.
> > > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig.
> ..
> > >
> > > //My php code that process the request is :
> > >
> > >
> > > require_once("classes/CertFileAccessor.php");
> > > $payload = array();
> > > $cert_accessor = new CertFileAccessor('/var/www/certs', '');
> > > $cert = $cert_accessor-
> > >
> > >
> > >
> > > >getPublicKey($_REQUEST['xoauth_signature_publickey']);
> > >
> > >
> > > if ($cert != null) {
> > >
> > > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
> > > array_merge($_GET, $_POST));
> > > $sig = array(
> > > OAuthUtil::urlencodeRFC3986($req-
> > >
> > >
> > > >get_normalized_http_method()),
> > >
> > >
> > > OAuthUtil::urlencodeRFC3986($req-
> > >
> > > >get_normalized_http_url()),
> > >
> > >
> > > OAuthUtil::urlencodeRFC3986($req-
> > >
> > > >get_signable_parameters()),
> > >
> > >
> > > );
> > > $raw = implode("&", $sig);
> > > $signature = base64_decode($_GET["oauth_signature"]);
> > > $publickeyid = openssl_get_publickey($cert);
> > > $auth_ok = openssl_verify($raw, $signature, $publickeyid);
> > > openssl_free_key($publickeyid);
> > > } else {
> > > $payload['cert'] = 'missing';
> > > }
> > >
> > > if ($auth_ok == true) {
> > > $payload["validated"] = "Success! The data was validated";
> > > } else {
> > > $payload["validated"] = "This request was spoofed";
> > > }
> > >
> > >
> > > $payload["query"] = array_merge($_GET, $_POST);
> > > $payload["rawpost"] = file_get_contents("php://input");
> > >
> > >
> > > //Return the response as JSON
> > > print(json_encode($payload));
> > >
> > >
> > > http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut.
> ..
> > > ( Class CertFileAccessor.php)
> > > This is the application response (in a beauty mode :) )
> > > oauth_consumer_key: default
> > > oauth_nonce: 8b7398e76ed1f712a42e00663831d451
> > > oauth_signature: e/
> > > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
> > >
> >
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c=
> > >
> > > oauth_signature_method: RSA-SHA1
> > > oauth_timestamp: 1215172597
> > > oauth_token:
> > > opensocial_appid:
> > > opensocial_ownerid:
> > > xoauth_signature_publickey: http://shindig/public.crt
> > >
> > >
> > > throw 1; < don't be evil' >{"http:\/\/new2.ligamessenger.local\/
> > > profile.php":{"body":"\n{\"validated
> > >
> > >
> > > \":\"This request was spoofed\",\"query\":{\"oauth_nonce\":
> > > \"8b7398e76ed1f712a42e00663831d451\",\"oauth_timestamp
> > >
> > >
> > > \":\"1215172597\",\"oauth_consumer_key\":\"default\",\"synd\":\"partuza
> > > \",\"container\":\"partuza\",
> > >
> > >
> > > \"opensocial_owner_id\":\"4\",\"opensocial_viewer_id\":\"4\",
> > > \"opensocial_app_id\":\"22\",\"oauth_token
> > >
> > >
> > > \":\"\",\"xoauth_signature_publickey\":\"http:\\\/\\\/shindig\\\/
> > > public.crt\",\"oauth_signature_method
> > >
> > >
> > > \":\"RSA-SHA1\",\"oauth_signature\":\"e\\\/
> > > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
> > >
> > >
> > >
> >
> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c
> > >
> > >
> > >
> > > =\"},\"rawpost\":\"\"}","rc":200}}
> > >
> > >
> > > Always obtain the same result
> > > Could you help me?
> > > svn version of Shindig : Updated to revision 674024.
> > > svn version of partuza: Updated to revision 82
> > >
> > >
> >
>