Nevermind, just found the answer to my question on the wiki: "Updated The location of the certificate on Orkut's server is purposefully not machine computable. You should not write code to automatically fetch new certificates from Orkut's server, as there is no way to automaticaly determine whether you should trust the new certificate. We will give advance notice when the certificate is scheduled to change, in order to give you enough time to manually download the certificate and install it in your key cache."
On Feb 18, 1:05 pm, Alex E <[EMAIL PROTECTED]> wrote: > Why doesn't the parameter contain the full URL of the key file? > Surely it won't be served off of the sandbox forever, right? > > Alex > > On Jan 24, 11:27 am, "Arne Roomann-Kurrik (Google)" > > <[EMAIL PROTECTED]> wrote: > > Hi David and Pacheco, > > > Currently the signed request specifies the file: pub. > > 1199819524.-1556113204990931254.cer > > > This is located > > athttp://sandbox.orkut.com/46/o/pub.1199819524.-1556113204990931254.cer > > - sorry that this isn't documented anywhere; I'll be working on > > getting instructions pushed out. > > > Keep in mind that you should not fetch this key on each request - pull > > it once and index it in a cache somewhere. If the key ever changes, > > the file specified in the signed request will change as well. > > > Let me know if you need any more help validating requests - I've been > > able to successfully validate them in PHP. > > > ~Arne > > > On Jan 22, 6:18 am, pacheco <[EMAIL PROTECTED]> wrote: > > > > I need that info too. > > > > Google guys, can you comment on that please? > > > > On Jan 21, 2:23 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > > > > Anyone care to reply to this, even to tell me I'm a dullard > > > > and the answer is completely obvious ?? > > > > > afaict there's no way to verify an Orkut makeRequest() call > > > > without knowing this public key. Surely there's at least one > > > > person on the planet who has succeeded in doing this ? > > > > > Thanks again. > > > > > On Jan 18, 8:46 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > > > > > I'm attempting to implement a server that accepts and verifies signed > > > > > requests from makeRequest(), via the Orkut sandbox proxy. > > > > > > The trail goes dead for me at xoauth_signature_publickey. > > > > > I'm assuming that somewhere Google publishes their public key. > > > > > Any pointers on where to find it welcome. > > > > > > Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-orkut@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en -~----------~----~----~----~------~----~------~--~---
