Oh, also, the wiki example shows an RSA cert being used. I'm not using
that. As I understand that it isn't needed in the two-legged OAuth done
for makeRequest().
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jord...@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Jordan Zimmerman
Sent: Thursday, February 05, 2009 1:31 PM
To: 'shindig-dev@incubator.apache.org'
Subject: RE: signature_invalid
>You don't show how you are building the OAuthConsumer object.
Currently, I'm using dummy values. So, it's this:
new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
> Here's some doc you might find useful:
I tried the code in the wiki and it produces the same result:
signature_invalid
Where in the Shindig code does it build the signature? I've been
searching for it but haven't found it yet.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jord...@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Brian Eaton [mailto:bea...@google.com]
Sent: Thursday, February 05, 2009 12:57 PM
To: shindig-dev@incubator.apache.org
Subject: Re: signature_invalid
Hi Jordan -
Make sure you're using the right keys and secrets. You don't show how
you are building the OAuthConsumer object. There may be a bug in that
code.
Here's some doc you might find useful:
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb6
28
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
On Thu, Feb 5, 2009 at 12:48 PM, Jordan Zimmerman <jord...@shop.com>
wrote:
> Trying again...
>
> What is the correct way to validate the OAuth parameters from my
server
> (as part of a makeRequest() call)? Does Shindig expose an API for
this?
> I tried the code below but it doesn't work.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jord...@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
>
> -----Original Message-----
> From: Jordan Zimmerman [mailto:jord...@shop.com]
> Sent: Wednesday, February 04, 2009 11:40 AM
> To: shindig-dev@incubator.apache.org
> Subject: signature_invalid
>
> I'm trying to get OAuth working. My gadget is calling makeRequest()
with
> OAUTH authentication. When the request gets to my server all of the
> OAuth parameters are there. But, when I try to validate, I get an
> exception:
>
> net.oauth.OAuthProblemException: signature_invalid
> at
>
net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
> ava:67)
> at
>
net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
> va:103)
> at
>
net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
> :68)
>
> Here's my validation code:
>
> public boolean isValidOAuthQuery(OAuthConsumer consumer,
> HttpServletRequest request)
> {
> String requestURL = OAuthServlet.getRequestURL(request);
> OAuthMessage message = OAuthServlet.getMessage(request,
> requestURL);
> OAuthAccessor accessor = new OAuthAccessor(consumer);
> SimpleOAuthValidator validator = new SimpleOAuthValidator();
> try
> {
> validator.validateMessage(message, accessor);
> }
> catch ( Exception e )
> {
> e.printStackTrace();
> return false;
> }
> return true;
> }
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jord...@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
