Hi Akash, I feel you frustration. I'm also starting down the path of trying to authenticate orkut with my app, and was having problems. For me, the frustration comes from the fact that information is so scattered and there isn't a clear user guide that covers the 2-legged, 3-legged authentications, as well as the different registration steps necessary to get things going. I'm writting my app in java, and I essentially want to fetch the user's scrapbook messages, and updates but it has been a tough road. The java examples are nice, but they are doing pretty simple things, most of the time just getting public data. It would be nice to see an example on how to get to the scrapbook messages, or update feed. Also the Orkut provider seems to be broken for 3-legged authentication since it has null values for the Request, Authentication and Access token urls.
Anyways, getting back to your immediate need. It shouldn't matter if you are using .Net, java or any other client. The data that you need to pass to the server is the same. If you play around with the oauth_playground using the gmail or some other service and get it to work you will see all the parameters that you need to pass. I'd start out using the playground but not using the URL that you used, instead use one of the predefined ones just to see what is being passed back & forth from the servers. Then once you have that working, and have a sense for it, try plugging in your URL and debug it from there. Look at the post I created a little while back, someone posted some good information on an important step about how to register your service and get your id & secret keys. http://groups.google.com/group/opensocial-orkut/browse_thread/thread/8f1285f895e80d43/b9aa660b9f849d32#b9aa660b9f849d32 I hope I have helped in some way. On Nov 17, 2:40 am, Akash <akashmaheshw...@gmail.com> wrote: > Hi Shishir, > Here are answers for your questions:- > 1. On my back end server I am trying to authenticate request from > orkut. > 2. I am using mechanism as provided in following URL > > http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests > > 3. I dont have environment for doing development using java hence it > is not possible for me to try the example. I am asking one simple > question > > "Since I am using .NET web service and there is no sample code for > ASP .NET Web Service, I need the exact information of parameters used > to generate the base signature.". Please let me know if this is a > unreasonable question? > > Here is the code that I am trying > > public string GenerateSignatureBase(Uri url, string consumerKey, > string consumerSecret, string token, string tokenSecret, string > httpMethod, string timeStamp, string nonce, string signatureType) > { > List<QueryParameter> parameters = new List<QueryParameter> > (); > parameters.Add(new QueryParameter > ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk=")); > parameters.Add(new QueryParameter > ("oauth_consumer_key","orkut.com")); > parameters.Add(new QueryParameter("oauth_nonce", > "1257504988478336000")); > parameters.Add(new QueryParameter > ("oauth_signature_method","RSA-SHA1")); > parameters.Add(new QueryParameter("oauth_timestamp", > "1257504988")); > parameters.Add(new QueryParameter > ("oauth_version","1.0")); > parameters.Add(new QueryParameter > ("opensocial_app_id","07513949224686644859")); > parameters.Add(new QueryParameter > ("opensocial_app_url","http://www.knownmarket.com/KMWeb/ > KnownMarket.xml")); > parameters.Add(new QueryParameter > ("opensocial_container","http://www.orkut.com";)); > parameters.Add(new QueryParameter > ("opensocial_owner_id","04260157720044639260")); > parameters.Add(new QueryParameter > ("opensocial_viewer_id","04260157720044639260")); > parameters.Add(new QueryParameter("xoauth_public_key","pub. > 1199819524.-1556113204990931254.cer")); > parameters.Add(new QueryParameter > ("xoauth_signature_publickey","pub. > 1199819524.-1556113204990931254.cer")); > parameters.Add(new QueryParameter("oauth_token", "")); > > parameters.Sort(new QueryParameterComparer()); > > string normalizedRequestParameters > =NormalizeRequestParameters(parameters); > > StringBuilder signatureBase = new StringBuilder(); > signatureBase.AppendFormat("{0}&", "POST"); > signatureBase.AppendFormat("{0}&", > UrlEncode("http://www.knownmarket.com/KMWeb/listingSvc.asmx";)); > signatureBase.AppendFormat("{0}", UrlEncode > (normalizedRequestParameters)); > return signatureBase.ToString(); > } > > X509Certificate Cert = X509Certificate.CreateFromCertFile > ( Request.PhysicalApplicationPath + "/bin/pub. > 1199819524.-1556113204990931254.cer"); > RSACryptoServiceProvider Provider = > CertUtil.GetCertPublicKey(Cert); > OAuth.OAuthBase ba = new OAuthBase(); > string baseString = ba.GenerateSignatureBase(Request.Url, > Request.QueryString["oauth_consumer_key"], "", Request.QueryString > ["oauth_token"], "",Request.HttpMethod, Request.QueryString > ["oauth_timestamp"], Request.QueryString["oauth_nonce"], "RSA-SHA1"); > > string signature= "gTlTW2N5WysQNzfvc2/tT4+ZkIviFEaj2xoB/ > wInZR8+rtwrbNNuKl+jDLx5QQ71Z6LIacBogaXRw3eA0U/PWiF6G1Hwhd/ > 4+GHlBBXsaKLsC1Ar6/e0D5pvAzN97a8KWfBHMg5kwsF3+OrxVd6Hph+OLRWEUSs/ > wyG3HK2GpOE="; > byte[] sign = Convert.FromBase64String(signature); > > byte[] bstring = Encoding.UTF8.GetBytes(baseString); > Response.Write(Provider.VerifyData(bstring, "SHA1", > sign)); > > On Nov 17, 12:08 pm, "Shishir Birmiwal (Google)" > > > > <shishir.birmi...@google.com> wrote: > > -others > > > Hi Akash, > > > 1. Are you trying to authenticate a request from orkut to your backend > > server, or trying to send an authenitcated request from your backend server > > to orkut? > > > 2. Are you sure that you are using 2-legged-oauth? > > > 3. The sample application in opensocial-java-client has a working demo of > > how a request is sent to orkut from a backend server. Please see if that > > helps. > > > Cheers, > > Shishir > > > On Tue, Nov 17, 2009 at 11:42 AM, Akash <akashmaheshw...@gmail.com> wrote: > > > Folks, > > > Still I am not able to get answer to this question and I am really > > > frustrated here. I anyway have plan to move my application to facebook > > > but if this problem is not solved I will be left with no choice and > > > remove support for Orkut. Please note this is not threat but a > > > practical issue as any hacker can mess with my application data. > > > Please correct me if my understanding is wrong. > > > > Thanks, > > > -Akash > > > (PS: I am ccing everybody I know in orkut developer team, sorry for > > > this spam) > > > > On Nov 16, 1:56 pm, Akash <akashmaheshw...@gmail.com> wrote: > > > > Hi Orkut Development team, > > > > It is almost one year now and I am not able to get the solution to > > > > this aurthentication problem. I am glad that you have provided sample > > > > codes of authentication for various server side languages. Since I am > > > > using .NET web service and there are no sample code for it I need the > > > > exact information of parameters used to generate the base signature. > > > > > If somebody who is using some other server side language can share a > > > > sample of the parameters added to the request, generated base > > > > signature and signature that will be great help. I will use these > > > > parameters to verify my program. > > > > > Thanks, > > > > -Akash > > > > > On Nov 13, 2:50 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > Ping as the problem is not solved yet for me :( > > > > > > On Nov 12, 3:20 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > > Hi Prashant, > > > > > > Thanks for looking into this issue. I have tried all libraries > > > > > > available hence the issue in unlikely in library. Can you please > > > > > > provide me following:- > > > > > > > 1. List of parameters that are added to the post request by orkut > > > > > > proxy server to my post request (It is a soap request). A sample > > > > > > post > > > > > > request will all parameters. > > > > > > 2. What should be base signature URL for this sample request. > > > > > > > I will feed above data into my code and it is works in my code. In > > > > > > case it does not work then the problem is in my code otherwise > > > > > > somewhere else. > > > > > > > I just triedhttp://googlecodesamples.com/oauth_playground/will > > > > > > following parameters. > > > > > > > URL:http://www.knownmarket.com/KMWeb/listingSvc.asmx > > > > > > outh_signature_method: RSA-SHA1 > > > > > > outh_consumer_key: orkut.com > > > > > > POST Data: > > > > > > > <?xml version="1.0" encoding="utf-8"?><soap12:Envelope > > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:soap12=" > > >http://www.w3.org/2003/05/soap-envelope";><soap12:Body><ListLocalities > > > > > > xmlns="KM"><cityId>14</cityId></ListLocalities></soap12:Body></ > > > > > > soap12:Envelope> > > > > > > > I get the response as > > > > > > **** > > > > > > Couldn't resolve host '< > > > > > > **** > > > > > > > So let me know what else I can do. The server is not owned by me. > > > > > > > Thanks, > > > > > > -Akash > > > > > > > On Nov 12, 2:10 pm, "Prashant (Google)" <p...@google.com> wrote: > > > > > > > > HiAkash, > > > > > > > > This being a POST request, it would be difficult to debug at our > > > end > > > > > > > with only the currently available data. > > > > > > > > But assuming that you're sending the right set of parameters that > > > the > > > > > > > server expects and that you're encoding them correctly in your > > > query > > > > > > > string, you may try generating the base string using some other > > > OAuth > > > > > > > library, or give the online OAuth Playground a try athttp:// > > > googlecodesamples.com/oauth_playground/. > > > > > > > > Otherwise, if it's you who own the server as well, you may also > > > want > > > > > > > to verify as an added measure that the server endpoint is using > > > > > > > the > > > > > > > correct certificate too and calculating the correct signature > > > > > > > accordingly. > > > > > > > > Those are some checkpoints that immediately come to mind. Please > > > > > > > go > > > > > > > through them and let us know if anything gives. > > > > > > > > Thanks, > > > > > > > Prashant. > > > > > > > > On Nov 12, 12:04 am,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > > > > Folks please help me in this issue. > > > > > > > > > Thanks, > > > > > > > > -Akash > > > > > > > > > On Nov 6, 5:50 pm,Akash<akashmaheshw...@gmail.com> wrote: > > > > > > > > > > Hi Robson, > > > > > > > > > Thanks a lot for the reply. I am still not able to get it > > > working :- > > > > > > > > > (. Please note I am using ASP.NET web services. > > > > > > > > > > Here is my exact code snippet that I am using for proof of > > > concept > > > > > > > > > for getting authentication working. > > > > > > > > > > public string GenerateSignatureBase(Uri url, string > > > > > > > > > consumerKey, string consumerSecret, string token, string > > > tokenSecret, > > > > > > > > > string httpMethod, string timeStamp, string nonce, string > > > > > > > > > signatureType) > > > > > > > > > { > > > > > > > > > List<QueryParameter> parameters = new > > > List<QueryParameter> > > > > > > > > > (); > > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > > ("oauth_body_hash","Ky4lfOVNobK9k5TFKBaax4p1QXk=")); > > > > > > > > > parameters.Add(new QueryParameter > > > > > > > > > ("oauth_consumer_key","orkut.com")); > > > > > > > > > parameters.Add(new > > ... > > read more » -- You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-or...@googlegroups.com. To unsubscribe from this group, send email to opensocial-orkut+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=.
