-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Chabot wrote: > I'm not to familiar with > http://graargh.returnstrue.com/buh/fetchme.php.txt but I've got the > suspicion that might be quite old code, when I compare the > get_signable_parameters() functions in the OAuth file we use all > over the place in php shindig / partuza / php opensocial client lib > and http://graargh.returnstrue.com/buh/OAuth.php.txt Well as you > said, they really don't do the same thing. So I'm presuming that's > either an alternative implementation, or just very out of date. > > Luckily we do refer to the right OAuth lib in > http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests > (which is a much more reliable source of information). > > The only major change that's happened in how we use OAuth in > OpenSocial that I'm aware of is that we've added a body signature > to the requests to the RPC/REST interface, see > http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.htmlfor > details on that (but the opensocial client libraries already all > support this, so normally you don't have to do any work for this to > just-work)
Thanks for this reassuring message ;-) Cheers -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpSKFIACgkQ8dLMyEl6F21JiQCfR3rT9FaaD/h5VFgtOeqELuZE OPgAoLxH5QqRWJdme5hBYGuiWhtlvQvF =AUBL -----END PGP SIGNATURE-----
