Thx paps was using it.. and ended up using
String encoded = OAuthServlet.getMessage(request, "example.com
").getSignature();
String signature = request.getParameter("oauth_signature");
then to my surprise I saw that these two values to be the same. This
happened without validating using the public key which to me was really very
strange.... Any insight...
Is this how it is supposed to work? I had some more code added to do
verification but wight now that seemed immaterial. Any insight as to why
this may be happening.
This is how my log file looked like
02:01:36,215 DEBUG orkut:51 -
Message:aKrCTy/bz/u3EIOSgZRwh2yuqEF8qq19rMqxAIQZkucmYpfjHcFIsdgQw5yYv+msHRVfu+0uqZwdABIJD1Vh+W/akQWR1IqLtWur55USfH
MHO0jE8AZfo/V5+1iO+CWpV6jy/zRXgbx2GSdjYFZ23dqKeM0v6Son41e+BqwtQwU=
02:01:36,218 DEBUG orkut:54 - opensocial_ownerid
02:01:36,218 DEBUG orkut:55 - 937892724534
02:01:36,218 DEBUG orkut:54 - oauth_signature
02:01:36,219 DEBUG orkut:55 -
aKrCTy/bz/u3EIOSgZRwh2yuqEF8qq19rMqxAIQZkucmYpfjHcFIsdgQw5yYv+msHRVfu+0uqZwdABIJD1Vh+W/akQWR1IqLtWur55USfHMHO0jE8A
Zfo/V5+1iO+CWpV6jy/zRXgbx2GSdjYFZ23dqKeM0v6Son41e+BqwtQwU=
Parag
On Feb 4, 2008 12:13 PM, paps <[EMAIL PROTECTED]> wrote:
>
> Hi parag,
> I think this will provide u some help ..
>
> http://oauth.googlecode.com/svn/code/java/core/src/main/java/net/oauth/OAuth.java
>
> :)
>
> Rgds,
> Paps
>
> On Feb 1, 2:36 am, "Reinoud Elhorst" <[EMAIL PROTECTED]> wrote:
> > It depends what you mean by "this". Checking an oauth signature should
> not
> > be a problem in any language. I'm sure there are oAuth libraries for
> java,
> > and if not creating one would be rather simple. All it is is some url
> > encoding and checking a private/public key signature.
> >
> > On 1/31/08, Parag Dhanuka <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > Can this be done with Java as well? I saw an OAuth java library which
> > > seems to be doing some of what oauth.php does but still wanted to know
> if
> > > this can be done or I ll have to resort to php
> >
> > > On Jan 31, 2008 6:05 PM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote:
> >
> > > > That is indeed how it should work, not sure whether it actually
> works
> > > > that way on Orkut right now.
> >
> > > > On 1/31/08, JohnE <[EMAIL PROTECTED]> wrote:
> >
> > > > > Hi,
> >
> > > > > Then, if the viewer allowed your information to be shared (as not
> > > > > anonymous), the restricted information as ViewerID will be sent to
> the
> > > > > third party server authenticated by OAuth?
> >
> > > > > Thanks
> >
> > > > > On Jan 30, 10:56 pm, "Arne Roomann-Kurrik (Google)"
> > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > ViewerID is a field that will not always be available to
> > > > > applications
> > > > > > (we don't want to share data about the viewer with the
> application
> > > > > > unless the viewer has explicitly allowed this information to be
> > > > > > shared). Orkut is expecting a push this Friday that will
> implement
> > > > > > access control lists, which should start giving users the option
> to
> > > > > > share their information with the application. Once this value
> is
> > > > > > shared, it can be sent back to a third party site.
> >
> > > > > > Hope this clears things up a bit,
> > > > > > ~Arne
> >
> > > > > > On Jan 30, 5:07 pm, JohnE <[EMAIL PROTECTED]> wrote:
> >
> > > > > > > Hi,
> >
> > > > > > > Sounds good! =)
> >
> > > > > > > But, about the others essential data as viewerID? It will be
> > > > > > > authenticated by OAuth asopensocial_owneridcurrently?
> >
> > > > > > > Thanks
> >
> > > > > > > On Jan 30, 4:28 pm, "Arne Roomann-Kurrik (Google)"
> >
> > > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > > > Hi John,
> >
> > > > > > > > We know that the IDs currently don't match what you would
> get
> > > > > with a
> > > > > > > > Person.getId() call. I've filed a bug with the engineers to
> get
> > > > > this
> > > > > > > > issue resolved.
> >
> > > > > > > > Thanks,
> > > > > > > > ~Arne
> >
> > > > > > > > On Jan 29, 3:37 pm, JohnE <[EMAIL PROTECTED]> wrote:
> >
> > > > > > > > > Hi,
> >
> > > > > > > > > Yes, works fine now. But I think that lack on
> authentication
> > > > > some
> > > > > > > > > essential data for the development on third part servers
> (as
> > > > > viewer
> > > > > > > > > ID,opensocial_owneridas same of opensocial.Person.getId
> ()).
> >
> > > > > > > > > Any idea about it?
> >
> > > > > > > > > Thanks
> >
> > > > > > > > > On Jan 29, 5:56 pm, pacheco <[EMAIL PROTECTED]> wrote:
> >
> > > > > > > > > > It works now:
> >
> > > > > > > > > > "Success! The data was validated"
> >
> > > > > > > > > > Tks Arne!
> > > > > > > > > > Pacheco
> >
> > > > > > > > > > On Jan 28, 10:08 pm, "Arne Roomann-Kurrik (Google)"
> >
> > > > > > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > > > > > > Hey,
> >
> > > > > > > > > > > Since that page was posted a change was checked
> into
> > > > > theOAuth
> > > > > > > > > > > library that breaks signing requests. For more
> > > > > information, a bug has
> > > > > > > > > > > been filed here:
> >
> > > > > > > > > > >http://code.google.com/p/oauth/issues/detail?id=7
> >
> > > > > > > > > > > Until the patch is committed to the project, you
> can
> > > > > try this fix:
> >
> > > > > > > > > > > Change the line inOAuth.php that reads:
> > > > > > > > > > > if( $parts['port'] != '80' ){
> > > > > > > > > > > to
> > > > > > > > > > > if( isset($parts['port']) && $parts['port'] !=
> '80' ){
> >
> > > > > > > > > > > Please let me know if that resolves the problem.
> >
> > > > > > > > > > > Thanks,
> > > > > > > > > > > ~Arne
> >
> > > > > > > > > > > On Jan 28, 10:28 am, pacheco <[EMAIL PROTECTED]> wrote:
> >
> > > > > > > > > > > > Lane / Arne, not working for me either:
> >
> > > > > > > > > > > > "This request was spoofed"
> >
> > > > > > > > > > > > Anyways, tks for the explanation...
> >
> > > > > > > > > > > > Did anyone found a way to implement it successfully?
> >
> > > > > > > > > > > > Thanks in advance
> > > > > > > > > > > > Pacheco
> >
> > > > > > > > > > > > On Jan 24, 11:12 pm, Lane LiaBraaten <
> > > > > [EMAIL PROTECTED]> wrote:
> >
> > > > > > > > > > > > > Hi Everyone,
> >
> > > > > > > > > > > > > Arne put together a page with information on how
> to
> > > > > use the
> > > > > > > > > > > > > makeRequest method to send signed requests to your
> > > > > server. His
> > > > > > > > > > > > > examples include both client-side gadget code and
> some
> > > > > PHP code that
> > > > > > > > > > > > > runs on the server to validate the request.
> >
> > > > > > > > > > > > > Check it out here:
> > > > >
> http://groups.google.com/group/opensocial/web/validating-signed-reque.
> > > > > ..
> >
> > > > > > > > > > > > > Cheers,
> > > > > > > > > > > > > Lane
> >
> > > --
> > > Parag Dhanuka
> >
>
--
Parag Dhanuka
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Orkut Discussion" group.
To post to this group, send email to opensocial-orkut@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
