Hello all,

I am new to OpenSocial and I am trying to write an Orkut container
application. I have come across the following URL, which showed
sample code on how to validate the signed request using PHP.

http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests

A link to the OAuth library files is also given in the above link. It
is http://oauth.googlecode.com/svn-history/r526/code/php/

Now I am using the above PHP library files and the code shown in the first
link. The code of my XML file is:

<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="secoand" />
<Content type="html"><![CDATA[
<script>
function makeSignedRequest() {
var params = {};
params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.JSON;
var url = "http://59.93.115.113/orkut_app/index.php";
gadgets.io.makeRequest(url, response, params);
};

function response(ret) {
output(ret.data);

var html = [ ret.data.validated, "<br />",
"oauth_consumer_key: ", ret.data.query.oauth_consumer_key, "<br />",
"oauth_nonce: ", ret.data.query.oauth_nonce, "<br />",
"oauth_signature: ", ret.data.query.oauth_signature, "<br />",
"oauth_signature_method: ", ret.data.query.oauth_signature_method,
"<br />",
"oauth_timestamp: ", ret.data.query.oauth_timestamp, "<br />",
"oauth_token: ", ret.data.query.oauth_token, "<br />",
"opensocial_appid: ", ret.data.query.opensocial_appid, "<br />",
"opensocial_ownerid: ", ret.data.query.opensocial_ownerid, "<br />",
"xoauth_signature_publickey: ",
ret.data.query.xoauth_signature_publickey ].join("");

output(html);

};

makeSignedRequest();
</script>
Hello, world! Hello World

]]></Content>
</Module>


CODE OF THE SERVER SIDE PHP SCRIPT IS -

<?php
     require_once("OAuth.php");

   class OrkutSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {
     protected function fetch_public_cert(&$request) {
       return <<<EOD
 -----BEGIN CERTIFICATE-----
 MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
 A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
 bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
 MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
 R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
 BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
 j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
 D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
 eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
 XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
 BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
 MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
 cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
 CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
 GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
 P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
 -----END CERTIFICATE-----
EOD;
     }
   }

   //Build a request object from the current request
   $request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST));

   //Initialize the new signature method
   $signature_method = new OrkutSignatureMethod();

   //Check the request signature
   @$signature_valid = $signature_method->check_signature($request, null, null, $_GET["oauth_signature"]);

   //Build the output object
   $payload = array();
   if ($signature_valid == true) {
     $payload["validated"] = "Success! The data was validated";
   } else {
     $payload["validated"] = "This request was spoofed";
   }

   //Add extra parameters to help debugging
   $payload["query"] = array_merge($_GET, $_POST);
   $payload["rawpost"] = file_get_contents("php://input");

   //Return the response as JSON
   print(json_encode($payload));

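   //Debugging aid: dump the payload to a file
   $j_s = json_encode($payload);
   $h = fopen("dump.txt", "w");
   $sss = "";
   foreach ($payload as $value) {
     //"query" holds an array, so encode non-string values before concatenating
     $sss = $sss . "--" . (is_array($value) ? json_encode($value) : $value);
   }
   fwrite($h, $sss, 8192);
   fwrite($h, $j_s, 8192);
   fclose($h);
?>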

I don't see any output, or at least any error message, in the container,
except Hello, world! Hello World. So I tried to dump the $payload into
a file to know what's going on. I always see "This request was
spoofed" as the output (in dump.txt).

I know that I am missing something. Can anyone tell me why the signed
request was not verified? Please let me know if anything is wrong in
the code, but I am sure this code was taken from the documentation.
Please do reply to me.

Thank you.
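
Added example, not part of the original post and not code from the OAuth.php library: what OAuth 1.0 RSA-SHA1 verification checks, showing that a signature verifies only when the server rebuilds exactly the method, URL and parameters that were signed. The helper names are hypothetical, and the key pair, URL and parameter values are constructed for illustration.

```php
<?php
// Added example. Helper names are hypothetical; key pair and request are constructed.

// Percent-encoding as OAuth 1.0 requires (RFC 3986 unreserved characters left as-is).
function oauth_encode($v) {
    return str_replace('%7E', '~', rawurlencode((string) $v));
}

// Signature base string: METHOD & encoded URL & encoded, name-sorted parameters.
// Assumes $url is already normalized (lowercase host, no default port, no query).
function signature_base_string($method, $url, array $params) {
    unset($params['oauth_signature']);          // never part of the signed data
    $enc = array();
    foreach ($params as $k => $v) {
        $enc[oauth_encode($k)] = oauth_encode($v);
    }
    ksort($enc, SORT_STRING);                   // byte order of the encoded names
    $pairs = array();
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode(implode('&', $pairs));
}

function verify_rsa_sha1($base, $signature_b64, $public_pem) {
    $key = openssl_pkey_get_public($public_pem);
    if ($key === false) {
        return false;                           // certificate or key did not parse
    }
    return openssl_verify($base, base64_decode($signature_b64), $key, OPENSSL_ALGO_SHA1) === 1;
}

// Constructed key pair standing in for the container's signing key.
$priv = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$pub  = openssl_pkey_get_details($priv);
$pub_pem = $pub['key'];

// Constructed request, signed the way the container side would sign it.
$url = 'http://example.com/orkut_app/index.php';
$params = array('oauth_consumer_key' => 'example-container', 'oauth_nonce' => 'n-1',
    'oauth_signature_method' => 'RSA-SHA1', 'oauth_timestamp' => '1230000000',
    'opensocial_appid' => '111', 'opensocial_ownerid' => '222');
openssl_sign(signature_base_string('GET', $url, $params), $sig, $priv, OPENSSL_ALGO_SHA1);
$params['oauth_signature'] = base64_encode($sig);

// Case 1: server rebuilds the same method, URL and parameters.
var_dump(verify_rsa_sha1(signature_base_string('GET', $url, $params), $params['oauth_signature'], $pub_pem));
// Case 2: server sees a different URL (here another port) than the one that was signed.
$seen = 'http://example.com:8080/orkut_app/index.php';
var_dump(verify_rsa_sha1(signature_base_string('GET', $seen, $params), $params['oauth_signature'], $pub_pem));
```

It runs from the PHP command line and needs the openssl extension.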
