I tested with the Java version and it seems that doesnt work too, si i guess
the example at some point is wrong, anyone has tested it with success?
G.-
On Tue, Jul 8, 2008 at 2:37 PM, Gonzalo Aune <[EMAIL PROTECTED]> wrote:
> My mistake, the type was fine, OAUTH replaces AUTHORIZATION, so its fine
> with SIGNED, let me fully check the example and i let you know.
>
> G.-
>
>
> On Tue, Jul 8, 2008 at 2:05 PM, Bartolome Serapio <[EMAIL PROTECTED]>
> wrote:
>
>> Thanks for your answer Gonzalo. I made these test with bad result
>>
>> a) Change SIGNED to OAUTH in the request
>> b) add <Require feature="oauth"/>
>> c) change <Require feature="opensocial-0.7"/> to <Require
>> feature="opensocial-0.8"/>
>>
>>
>>
>>
>> throw 1; < don't be evil'
>>
>> >{"http:\/\/new2.ligamessenger.local\/profile.php?nocache=1215536231101":{"oauthError"
>>
>> :"BAD_OAUTH_CONFIGURATION","oauthErrorText":"gadget spec is missing
>> \/ModulePrefs\/OAuth section\n\n"
>>
>> }}
>>
>>
>> Well I tested on shindig directly change my local.php and from partuza
>>
>>
>>
>>
>>
>>
>> On Tue, Jul 8, 2008 at 6:00 PM, Gonzalo Aune <[EMAIL PROTECTED]>
>> wrote:
>>
>> > In the example, it mention to use:
>> >
>> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
>> > gadgets.io.AuthorizationType.SIGNED;
>> >
>> > but this was changed to
>> >
>> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
>> > gadgets.io.AuthorizationType.OAUTH;
>> >
>> > Change it and tell me if it works, ill testing it in my environment
>> > too, but please let me know if changing that works.
>> >
>> > G.-
>> >
>> >
>> > On Tue, Jul 8, 2008 at 7:57 AM, Bartolome serapio <[EMAIL PROTECTED]>
>> > wrote:
>> >
>> > > Hi.
>> > > I'm using the follow example from orkut.
>> > >
>> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
>> > >
>> > > //My php code that process the request is :
>> > >
>> > >
>> > > require_once("classes/CertFileAccessor.php");
>> > > $payload = array();
>> > > $cert_accessor = new CertFileAccessor('/var/www/certs', '');
>> > > $cert = $cert_accessor-
>> > >
>> > >
>> > >
>> > > >getPublicKey($_REQUEST['xoauth_signature_publickey']);
>> > >
>> > >
>> > > if ($cert != null) {
>> > >
>> > > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
>> > > array_merge($_GET, $_POST));
>> > > $sig = array(
>> > > OAuthUtil::urlencodeRFC3986($req-
>> > >
>> > >
>> > > >get_normalized_http_method()),
>> > >
>> > >
>> > > OAuthUtil::urlencodeRFC3986($req-
>> > >
>> > > >get_normalized_http_url()),
>> > >
>> > >
>> > > OAuthUtil::urlencodeRFC3986($req-
>> > >
>> > > >get_signable_parameters()),
>> > >
>> > >
>> > > );
>> > > $raw = implode("&", $sig);
>> > > $signature = base64_decode($_GET["oauth_signature"]);
>> > > $publickeyid = openssl_get_publickey($cert);
>> > > $auth_ok = openssl_verify($raw, $signature, $publickeyid);
>> > > openssl_free_key($publickeyid);
>> > > } else {
>> > > $payload['cert'] = 'missing';
>> > > }
>> > >
>> > > if ($auth_ok == true) {
>> > > $payload["validated"] = "Success! The data was validated";
>> > > } else {
>> > > $payload["validated"] = "This request was spoofed";
>> > > }
>> > >
>> > >
>> > > $payload["query"] = array_merge($_GET, $_POST);
>> > > $payload["rawpost"] = file_get_contents("php://input");
>> > >
>> > >
>> > > //Return the response as JSON
>> > > print(json_encode($payload));
>> > >
>> > >
>> > >
>> http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
>> > > ( Class CertFileAccessor.php)
>> > > This is the application response (in a beauty mode :) )
>> > > oauth_consumer_key: default
>> > > oauth_nonce: 8b7398e76ed1f712a42e00663831d451
>> > > oauth_signature: e/
>> > > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
>> > >
>> >
>> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c=
>> > >
>> > > oauth_signature_method: RSA-SHA1
>> > > oauth_timestamp: 1215172597
>> > > oauth_token:
>> > > opensocial_appid:
>> > > opensocial_ownerid:
>> > > xoauth_signature_publickey: http://shindig/public.crt
>> > >
>> > >
>> > > throw 1; < don't be evil' >{"http:\/\/new2.ligamessenger.local\/
>> > > profile.php":{"body":"\n{\"validated
>> > >
>> > >
>> > > \":\"This request was spoofed\",\"query\":{\"oauth_nonce\":
>> > > \"8b7398e76ed1f712a42e00663831d451\",\"oauth_timestamp
>> > >
>> > >
>> > >
>> \":\"1215172597\",\"oauth_consumer_key\":\"default\",\"synd\":\"partuza
>> > > \",\"container\":\"partuza\",
>> > >
>> > >
>> > > \"opensocial_owner_id\":\"4\",\"opensocial_viewer_id\":\"4\",
>> > > \"opensocial_app_id\":\"22\",\"oauth_token
>> > >
>> > >
>> > > \":\"\",\"xoauth_signature_publickey\":\"http:\\\/\\\/shindig\\\/
>> > > public.crt\",\"oauth_signature_method
>> > >
>> > >
>> > > \":\"RSA-SHA1\",\"oauth_signature\":\"e\\\/
>> > > dXiMeDw9eaSWbPAQlKpxk3xkHH9VPEbYObFgyCI4KK7jTkNKS0XNihrzkanKZtNylK6ma
>> > >
>> > >
>> > >
>> >
>> +7A5seIbLKkocd3ci6+gKNnK6lXBSS2bWyTSedy5p7rSOUGXpVsSMM9pAvlty54HUxCjB63QPSWkLu1qV5ROxMgiq8kqUzBWAp2c
>> > >
>> > >
>> > >
>> > > =\"},\"rawpost\":\"\"}","rc":200}}
>> > >
>> > >
>> > > Always obtain the same result
>> > > Could you help me?
>> > > svn version of Shindig : Updated to revision 674024.
>> > > svn version of partuza: Updated to revision 82
>> > >
>> > >
>> >
>>
>
>