I don't think it's the implementation, sounds like you are getting father
along now. I would guess it has something to do with either the URLs or
the key and token you are sending.
-Ryan
Email: rjbax...@us.ibm.com
Phone: 978-899-3041
developerWorks Profile
From: Sumedha Sanjeewa<sumed...@wso2.com>
To: dev@shindig.apache.org,
Date: 07/01/2011 08:35 AM
Subject: Re: OAuth Error with Shindig
Hi,
I changed the two url's in the TestSecurityTokenCodec.java to the url of
my
gadget and i implemented the getActiveUrl method as follows
public String getActiveUrl(){
return appUrl;
}
Now I'm getting the window where i have to grant access and when I grant
access and the following error comes out.
Something went wrong: No oauth_token returned from service provider ====
Original request: GET /m8/feeds/contacts/default/base?alt=json Host:
www.google.com X-Shindig-AuthType: oauth X-Forwarded-For: 127.0.0.1
X-shindig-dos: on ==== ==== Sent request 1: GET
/accounts/OAuthGetAccessToken Host: www.google.com X-Shindig-AuthType:
none
Authorization: OAuth oauth_token="4%2FMG2HZFWosN3GKLHKjX4eJBk93Eud",
opensocial_owner_id="sumedhas", opensocial_viewer_id="sumedhas",
opensocial_app_id="appid", opensocial_app_url="http%3A%2F%
2Fhosting.gmodules.com%2Fig%2Fgadgets%2Ffile%2F110202107255856621910%2Fhello.xml",
oauth_version="1.0", oauth_timestamp="1309522679",
oauth_nonce="6472367863692634430",
oauth_consumer_key="weitu.googlepages.com",
oauth_signature_method="RSA-SHA1",
oauth_signature="ol%2BgKdtXpVpHvjslKl0ash7s2huo0jxZnYcBKhhUS6Ue5Nk%2BKgmEW8xKLU2IqMORe74zokxvTBTijzbsypzqbz0x7E%2BSezEutuKF9BAGXNlKsT6xTjNQoB3mB9VQBECOZKkIpic1b8Tfd8E%2FY1LX9CFeScDwdibZWuQ5m80vo2U%3D"
X-shindig-dos: on ==== Received response 1: HTTP/1.1 400 Cache-Control:
private, max-age=0 Content-Type: text/plain; charset=UTF-8 Date: Fri, 01
Jul
2011 12:17:59 GMT Expires: Fri, 01 Jul 2011 12:17:59 GMT Server: GSE
Transfer-Encoding: chunked X-Content-Type-Options: nosniff
X-XSS-Protection:
1; mode=block The oauth_verifier is missing or invalid. ====
Is my Implementation of the method is wrong or my url's are wrong...???
On Fri, Jul 1, 2011 at 1:35 PM, Evgeny Bogdanov
<evgeny.bogda...@epfl.ch>wrote:
Method getActiveUrl is not implemented in AbstractSecurityToken.java
public String getActiveUrl() {
throw new UnsupportedOperationException(**"No active URL available");
}
Add implementation for this method into TestSecurityTokenCodec.java
and it should probably work
On 01.07.11 08:13, Sumedha Sanjeewa wrote:
I checked this with Shindig 2.0.0 which is available for download and I
was
able to get the gadget work in both sample container and also with the
url
(I used the full url with the security tokens). So Is this a problem
with
current shindig trunk.
But when Still unable to get it working in the current trunk revision.
I
changed the url's in the TestSecurityTokenCodec.java, then i'am getting
the
following error
in the terminal. Nothing is displayed in the sample container.
WARNING: oauthFetchUnexpectedError
2011-07-01 11:34:04.711:WARN::/gadgets/**makeRequest
java.lang.**UnsupportedOperationException: No active URL available
at
org.apache.shindig.auth.**AbstractSecurityToken.**getActiveUrl(**
AbstractSecurityToken.java:34)
at
org.apache.shindig.gadgets.**oauth.**GadgetOAuthCallbackGenerator.**
checkGadgetCanRender(**GadgetOAuthCallbackGenerator.**java:117)
at
org.apache.shindig.gadgets.**oauth.**GadgetOAuthCallbackGenerator.**
generateCallback(**GadgetOAuthCallbackGenerator.**java:100)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.**
addCallback(OAuthRequest.java:**371)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.**fetchRequestToken(**
OAuthRequest.java:343)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.**
attemptFetch(OAuthRequest.**java:288)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.**
fetchWithRetry(OAuthRequest.**java:244)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.**
fetchNoThrow(OAuthRequest.**java:200)
at
org.apache.shindig.gadgets.**oauth.OAuthRequest.fetch(**
OAuthRequest.java:181)
at
org.apache.shindig.gadgets.**http.DefaultRequestPipeline.**execute(**
DefaultRequestPipeline.java:**108)
at
org.apache.shindig.gadgets.**servlet.MakeRequestHandler.**
fetch(MakeRequestHandler.java:**107)
at
org.apache.shindig.gadgets.**servlet.MakeRequestServlet.**
doGet(MakeRequestServlet.java:**55)
at
org.apache.shindig.gadgets.**servlet.MakeRequestServlet.**
doPost(MakeRequestServlet.**java:68)
at javax.servlet.http.**HttpServlet.service(**HttpServlet.java:727)
at javax.servlet.http.**HttpServlet.service(**HttpServlet.java:820)
at org.mortbay.jetty.servlet.**ServletHolder.handle(**
ServletHolder.java:511)
at
org.mortbay.jetty.servlet.**ServletHandler$CachedChain.**
doFilter(ServletHandler.java:**1221)
at
org.apache.shindig.gadgets.**servlet.ETagFilter.doFilter(**
ETagFilter.java:55)
at
org.mortbay.jetty.servlet.**ServletHandler$CachedChain.**
doFilter(ServletHandler.java:**1212)
at
org.apache.shindig.auth.**AuthenticationServletFilter.**callChain(**
AuthenticationServletFilter.**java:151)
at
org.apache.shindig.auth.**AuthenticationServletFilter.**doFilter(**
AuthenticationServletFilter.**java:96)
at
org.mortbay.jetty.servlet.**ServletHandler$CachedChain.**
doFilter(ServletHandler.java:**1212)
at org.mortbay.jetty.servlet.**ServletHandler.handle(**
ServletHandler.java:399)
at
org.mortbay.jetty.security.**SecurityHandler.handle(**
SecurityHandler.java:216)
at org.mortbay.jetty.servlet.**SessionHandler.handle(**
SessionHandler.java:182)
at org.mortbay.jetty.handler.**ContextHandler.handle(**
ContextHandler.java:766)
at org.mortbay.jetty.webapp.**WebAppContext.handle(**
WebAppContext.java:450)
at
org.mortbay.jetty.handler.**ContextHandlerCollection.**handle(**
ContextHandlerCollection.java:**230)
at
org.mortbay.jetty.handler.**HandlerCollection.handle(**
HandlerCollection.java:114)
at org.mortbay.jetty.handler.**HandlerWrapper.handle(**
HandlerWrapper.java:152)
at org.mortbay.jetty.Server.**handle(Server.java:326)
at org.mortbay.jetty.**HttpConnection.handleRequest(**
HttpConnection.java:542)
at
org.mortbay.jetty.**HttpConnection$RequestHandler.**
content(HttpConnection.java:**945)
at org.mortbay.jetty.HttpParser.**parseNext(HttpParser.java:756)
at
org.mortbay.jetty.HttpParser.**parseAvailable(HttpParser.**java:218)
at org.mortbay.jetty.**HttpConnection.handle(**HttpConnection.java:404)
at
org.mortbay.io.nio.**SelectChannelEndPoint.run(**
SelectChannelEndPoint.java:**410)
at
org.mortbay.thread.**QueuedThreadPool$PoolThread.**
run(QueuedThreadPool.java:582)
On Fri, Jul 1, 2011 at 3:40 AM, Ryan J Baxter<rjbax...@us.ibm.com>
wrote:
Actually I think its probably related to the fact that the OAuth
implementation that comes with Shindig ends up using
TestSecurityTokenCodec.java. This is a default implementation
SecurityToken but has static URL values for the gadget in the security
token, not the actual URL for the gadget. The OAuth code tries to
actually fetch the gadget XML based on the URL in this class and it
fails
because the URL in this class does not exist. If you put the correct
URLs
for your gadget in this class it should work. In a production
environment
you obviously want to use a different implementation of SecurityToken.
-Ryan
Email: rjbax...@us.ibm.com
Phone: 978-899-3041
developerWorks Profile
From: Evgeny
Bogdanov<evgeny.bogdanov@epfl.**ch<evgeny.bogda...@epfl.ch>
To: dev@shindig.apache.org,
Date: 06/30/2011 04:25 PM
Subject: Re: OAuth Error with Shindig
I might be wrong, but it is probably connected to the fact that you
do
not give
security token with gadget spec url.
That is what it says below. I slightly remember something like that,
guess this is why I had to add security token in my tutorial.
"Something went wrong: Could not fetch gadget spec ==== Original
request:
GET /m8/feeds/contacts/default/**base?alt=json Host:
www.google.comX-Shindig-**AuthType: oauth X-Forwarded-For:
0:0:0:0:0:0:0:1 X-shindig-dos: on
===="
On 30/6/11 18:41, Sumedha Sanjeewa wrote:
I'm not sure about that. I used it because it was given in the above
mentioned thread.
My url is
http://localhost:8080/gadgets/**ifr?url=http://dirk.balfanz.**
googlepages.com/contacts.xml<
http://localhost:8080/gadgets/ifr?url=http://dirk.balfanz.googlepages.com/contacts.xml
And I didn't use a security token. I just did the things in the above
thread.
On Thu, Jun 30, 2011 at 7:48 PM, Evgeny
Bogdanov<evgeny.bogdanov@epfl.**ch<evgeny.bogda...@epfl.ch>>wrote:
Are you sure, you want to use RSA_PRIVATE as key_type?
I have HMAC_SHA1 instead.
What is the url you use to render gadget?
What is the value of security token?
On 30.06.11 15:52, Sumedha Sanjeewa wrote:
It's correct. Here is the entry in my oauth.json
"http://dirk.balfanz.**googlep**ages.com/contacts.xml<
http://googlepages.com/contacts.xml>
<
http://dirk.balfanz.**googlepages.com/contacts.xml<
http://dirk.balfanz.googlepages.com/contacts.xml>
"
: {
"google" : {
"consumer_key" : "weitu.googlepages.com",
"consumer_secret" :
"****MIICdgIBADANBgkqhkiG9w0BAQEFAA******
SCAmAwggJcAgEAAoGBALRiMLAh9iim****
ur8VA7qVvdqxevEuUkW4K+****2KdMXmnQbG9Aa7k7eBjK1S+****
0LYmVjPKlJGNXHDGuy5Fw/**
d7rjVJ0BLB+ubPK8iA/****Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZ****
SatdLB81mydBETlJhI6GH4twrbDJCR****2Bwy/****
XWXgqgGRzAgMBAAECgYBYWVtleUzav****
kbrPjy0T5FMou8HX9u2AC2ry8vD/****l7cqedtwMPp9k7TubgNFo+**
NGvKsl2ynyprOZR1xjQ7WgrgVB+****mmuScOM/5HVceFuGRDhYTCObE+**
y1kxRloNYXnx3ei1zbeYLPCHdhxRYW****7T0qcynNmwrn05/**
KO2RLjgQNalsQJBANeA3Q4Nugqy4QB******UCEC09SqylT2K9FrrItqL2QKc9v0Zz**
**
O2uwllCbg0dwpVuYPYXYvikNHHg+****aCWF+****VXsb9rpPsCQQDWR9TT4ORdzoj+**
NccnqkMsDmzt0EfNaAOwHOmVJ2RVBs****pPcxt5iN4HI7HNeG6U5YsFBb+/**
GZbgfBT3kpNGWPTpAkBI+****gFhjfJvRw38n3g/+****
UeAkwMI2TJQS4n8+hid0uus3/**
zOjDySH3XHCUnocn1xOJAyZODBo47E****+67R4jV1/****
gzbAkEAklJaspRPXP877NssM5nAZMU
**0/O/NGCZ+****3jPgDUno6WbJn5cqm8MqWhW1xGkImg****Rk+**
fkDBquiq4gPiT898jusgQJAd5Zrr6Q****8AO/0isr/****
3aa6O6NLQxISLKcPDk2NOccAfS/**
xOtfOz4sJYM3+Bs4Io9+****dZGSDCA54Lw03eHTNQghS0A==",
"key_type" : "RSA_PRIVATE"
}
},
On Thu, Jun 30, 2011 at 6:16 PM, Jasha Joachimsthal<
j.joachimst...@onehippo.com> wrote:
The identifier of your oauth service probably doesn't match, for
Google
it's
"google". See the following example:
"http://www.example.com/****oauthtest.xml<
http://www.example.com/**oauthtest.xml>
<
http://www.example.com/**oauthtest.xml<
http://www.example.com/oauthtest.xml>
"
: {
"google" : {
"consumer_key" : "www.example.com",
"consumer_secret" : "mysecret",
"key_type" : "HMAC-SHA1"
}
}
Jasha Joachimsthal
Europe - Amsterdam - Oosteinde 11, 1017 WT Amsterdam - +31(0)20
522
4466
US - Boston - 1 Broadway, Cambridge, MA 02142 - +1 877 414 4776
(toll
free)
www.onehippo.com
On 30 June 2011 14:42, Sumedha Sanjeewa<sumed...@wso2.com> wrote:
Hi Evgeny,
Ok. Now I'm clear about this. So I should be able to test a oauth
gadget.
But I'm unable to test oauth as you said although I had changed
the
oauth.json. When I test a oauth gadget above error comes out.
Also
I'm
not
getting to approve oauth.
Is my oauth.json is not read by shindig, because I got the same
error
when
i used a Gadget Server which was based on shindig and I was able
to
solve
it after adding the OAuth consumer details.
On Thu, Jun 30, 2011 at 3:23 PM, Evgeny Bogdanov<
evgeny.bogda...@epfl.ch
wrote:
Yes. That's correct. You can only change oauth.json file to test
oauth
in
shindig.
However, if you restart the shindig server, all oauth keys will
be
lost
since they
are not saved in DB, which means users will have to again
approve
oauth
for
all
oauth gadgets.
On 30.06.11 08:25, Sumedha Sanjeewa wrote:
Hi,
Thanks for the above. But still i'm not clear about this.
According to
the
above I should be able to get Shindig work with OAuth using
oauth.json
without implementing new class. As I understood these changes are
only necessary if I'm going to use Shindig to a product where
oauth
data
are
stored in DB's. Am I correct or do I need to modify shindig
although
using
oauth.json which is already in Shindig.
On Wed, Jun 29, 2011 at 1:55 PM, Evgeny
Bogdanov<evgeny.bogdanov@epfl.
**
ch<evgeny.bogda...@epfl.ch>>****wrote:
To add your implementation to shindig, you can add it into
SocialApiGuiceModule.java like this
import org.apache.shindig.social.********opensocial.oauth.****
OAuthDataStore;
import org.apache.shindig.social.********sample.oauth.****
SampleOAuthDataStore;
and
bind(OAuthDataStore.class).to(********SampleOAuthDataStore.****
class);
Change SampleOAuthDataStore into your own class.
Implement your class according to SampleOAuthDataStore.java
The sample class uses json-db, if you need a persistent
data-store
(like
mysql, posgres),
you have to implement it yourself. Do it similarly to
JsonDbOpensocialService.
Hope it answers your questions
Best
Evgeny
On 29.06.11 05:55, Sumedha Sanjeewa wrote:
Thanks Augustin and Evgeny.
In the Java version there is a BasicOAuthStore class which
implements
the
OAuthStore. So can i use that. Also please can you explain me
how i
should
implement this class. (In which package,where to access the
class
etc)
On Tue, Jun 28, 2011 at 7:32 PM, Evgeny
Bogdanov<evgeny.bogdanov@epfl.
*
***
ch<evgeny.bogda...@epfl.ch>>******wrote:
Hi
attached is an example tutorial I wrote some time ago. It
was
working
with
Shindig 2.0.
Did not check newer versions.
This is more a proof-of-concept that uses oauth.json file.
If you wish a production ready implementation, you need to
implement
your
own oAuthDataStore class,
as Agustin wrote.
Best
Evgeny
On 28.06.11 15:40, Agustin Casiva wrote:
Hi, I don't have experience with the Java version of
Shindig.
But
in
PHP
I
had to implement several class to get shindig working with
oauth
from
gadgets. The most important class was the implementation of
OAuthDataStore,
this class handles the Tokens requested to the service
provider.
I assume that in the Java version should be the same, maybe
you
need
implement some class to make the feature work.
I will try to check that and I will let you know.
Regards
On Tue, Jun 28, 2011 at 2:16 AM, Sumedha Sanjeewa<
sumed...@wso2.com
wrote:
Hi,
Can someone help me
Thanks in advance
On Mon, Jun 27, 2011 at 5:41 PM, Sumedha Sanjeewa<
sumed...@wso2.com>
wrote:
Hi,
I'm new to Shindig and I want to try an OAuth gadget
with
Shindig.
I
followed the steps mentioned in this thread [1]. I checked out
the
current
source code in the trunk
Also I used 'mvn -Prun' to start the Jetty server from
the
base
directory.
Normal gadgets works fine but when i try the sample
gadget
given
in
the
above thread i am getting this error.
"Something went wrong: Could not fetch gadget spec ====
Original
request:
GET /m8/feeds/contacts/default/**********base?alt=json
Host:
www.google.comX-Shindig-**********AuthType: oauth
X-Forwarded-For:
0:0:0:0:0:0:0:1
X-shindig-dos: on
===="
Please can someone help me with this.
[1]
http://groups.google.com/*******
***group/oauth/browse_thread/****<
http://groups.google.com/********group/oauth/browse_thread/**>
<
http://groups.google.com/********group/oauth/browse_thread/**<
http://groups.google.com/******group/oauth/browse_thread/**>
<
http://groups.google.com/*******
*group/oauth/browse_thread/**<
http://groups.google.com/******group/oauth/browse_thread/**>
<
http://groups.google.com/******group/oauth/browse_thread/**
<http://groups.google.com/****group/oauth/browse_thread/**>
<h**ttp://groups.google.com/********group/oauth/browse_thread/****<
http://groups.google.com/******group/oauth/browse_thread/**>
<
http://groups.google.com/******group/oauth/browse_thread/**<
http://groups.google.com/****group/oauth/browse_thread/**>
**<
http://groups.google.com/******
group/oauth/browse_thread/**<
http://groups.google.com/****group/oauth/browse_thread/**>
<
http://groups.google.com/****group/oauth/browse_thread/**<
http://groups.google.com/**group/oauth/browse_thread/**>
thread/5dea93b44dbbb628<http:/********/groups.google.com/**group/****<
http://groups.google.com/group/****>
<
http://groups.google.com/**group/**<
http://groups.google.com/group/**>
oauth/browse_thread/thread/********5dea93b44dbbb628<http://**
groups.google.com/group/oauth/******browse_thread/thread/**<
http://groups.google.com/group/oauth/****browse_thread/thread/**>
<
http://groups.google.com/**group/oauth/**browse_thread/**
thread/**<
http://groups.google.com/group/oauth/**browse_thread/thread/**>
5dea93b44dbbb628<
http://groups.google.com/****group/oauth/browse_thread/**
<http://groups.google.com/**group/oauth/browse_thread/**>
thread/5dea93b44dbbb628<
http://groups.google.com/**group/oauth/browse_thread/**
thread/5dea93b44dbbb628<
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb628
Thanks
--
Regards,
Sumedha Kodithuwakku
(SumedhaS)
--
Regards,
Sumedha Kodithuwakku
(SumedhaS)
--
Regards,
Sumedha Kodithuwakku
(SumedhaS)
