Re: public certificate key

Mon, 14 Jul 2008 08:25:23 -0700 

Hi,
for the php version:

https://issues.apache.org/jira/browse/SHINDIG-447

Summary: the proxy is called with the signOwner and signViewer parameters.
They are both included in the signature base_string. Then the application
page is called without these paramters. So signatures will not match.

Patch for /php/src/gadgets/oauth/OAuth.php against current trunk:

Index: .
===================================================================
--- . (revision 676605)
+++ . (working copy)
@@ -292,8 +292,7 @@
  $parameters = is_array($parameters) ? $parameters : array();
  $defaults = array("oauth_nonce" => OAuthRequest::generate_nonce(),
  "oauth_timestamp" => OAuthRequest::generate_timestamp(),
- "oauth_consumer_key" => $consumer->key, 'synd' => 'partuza',
- 'container' => 'partuza');
+ "oauth_consumer_key" => $consumer->key);
  $parameters = array_merge($defaults, $parameters);
  if (isset($token)) {
  $parameters['oauth_token'] = $token;
@@ -393,6 +392,9 @@
  $parts = parse_url($this->http_url);
  parse_str(@$parts['query'], $params);
  foreach ($params as $key => $value) {
+ if ($key == "signOwner" || $key == "signViewer") {
+ continue;
+ }
  $this->parameters[$key] = $value;
  }
  $parts = array($this->get_normalized_http_method(),
$this->get_normalized_http_url(),

This fixes it with a (very extremely ugly) hack (patch for some other bug
(hard-coded partuza container name) included, as this patch was not yet
committed).

I will try to understand the complete oauth signing process later in the
week and try to supply a "acceptable" patch, as this is a show-stopper right
now for our planned end-of-july release plans...

However with above patch applied, i can successfully validate a signature
with the linked method from google.

Best Regards

Karsten Beyer

On Mon, Jul 14, 2008 at 4:34 PM, Gonzalo Aune <[EMAIL PROTECTED]> wrote:

> I was trying to run the example in the Java and the PHP side without
> success, anyone could run this example?.
>
> G.-
>
> On Mon, Jul 14, 2008 at 11:30 AM, xin zhang <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > I am trying the example from
> >
> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequestsonshindig,
>  how to generate the public certificate key for shindig?
> >
> > Thanks
> >
> >
> >
> >
>

Reply via email to