Hi Arne,

I'm using the sample PHP code at
http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests

but every time I make a signed request from the application the
authentication fails.

I am using the Poor Man's PHP Key Cache posted above by Johannes.

My code is as below...

<?php
 error_reporting(E_ALL ^ E_NOTICE);

require_once("OAuth.php");
require("cert_file_accessor.php");

 //Determine the URL of the request
 $url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) .
        $_SERVER['HTTP_HOST'] .
        ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : "")  .
        $_SERVER['PHP_SELF'];

 //Orkut's public key certificate
 $cert_accessor = new CertFileAccessor('/certs', 'orkut');

 $cert = $cert_accessor->getPublicKey($_REQUEST['xoauth_signature_publickey']);


 //Compute the raw form of the signed request using the OAuth library.
 $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
                         array_merge($_GET, $_POST));
 $sig = array(
   OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()),
   OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()),
   OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()),
 );
 $raw = implode("&", $sig);

 //Get the signature passed in the query (PHP has already URL-decoded $_GET) and base64-decode it
 $signature = base64_decode($_GET["oauth_signature"]);

 //Pull the public key ID from the certificate
 $publickeyid = openssl_get_publickey($cert);

 //Check the computed signature against the one passed in the query
 $ok = openssl_verify($raw, $signature, $publickeyid);

 //Release the key resource
 openssl_free_key($publickeyid);

 //Pass JSON data back
 $payload = array();
 if ($ok == 1) {
   $payload["validated"] = "Success! The data was validated";
 } else {
   $payload["validated"] = "This request was spoofed";
 }

 //Include some extra information for debugging
 $payload["raw"] = $raw;
 $payload["query"] = $_GET;
 $payload["url"] = $url;
 $payload["getandpost"] = array_merge($_GET, $_POST);
 $payload["rawpost"] = file_get_contents('php://input');

 print($payload["validated"]);

 ?>

