Thanks for the reply.
I looked over the documentation you gave it to me, and I have some
problems validating signed requests.
I see there are 2 methods for doing this, HMAC-SHA1 and RSA-SHA1.
I tested the RSA-SHA1 example, and it worked fine, but I didn't figure
it out how certificates work and where to get one.
The second one, HMAC-SHA1, sound more familiar to me, so I obtained
the OAuth_Consumer_Key and OAuth_Consumer_Secret ( through gadget
ownership verification ) for my application.
So far, so good, but when I make a javascript signed request, the
OAuth class fails to validate it.
I looked over the POST variables and I noticed that
oauth_signature_method was "RSA-SHA1".
Is there a way to change the auth_signature_method to "HMAC-SHA1", or
I'm just doing it wrong?
Here is the server-side code:
$consumer = new OAuthConsumer( $OAuth_Consumer_Key,
$OAuth_Consumer_Secret );
//Build a request object from the current request
$request = OAuthRequest::from_request(null, null, array_merge($_GET,
$_POST));
//Initialize the new signature method
$signature_method = new OAuthSignatureMethod_HMAC_SHA1();
//Check the request signature
@$signature_valid = $signature_method->check_signature($request,
$consumer, null, $_GET["oauth_signature"]);
//Build the output object
$payload = array();
if ($signature_valid == true) {
$payload["validated"] = "Success! The data was validated";
} else {
$payload["validated"] = "This request was spoofed";
}
//Add extra parameters to help debugging
$payload["query"] = array_merge($_GET, $_POST);
$payload["rawpost"] = file_get_contents("php://input");
//Return the response as JSON
print(json_encode($payload));
--
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to opensocial-or...@googlegroups.com.
To unsubscribe from this group, send email to
opensocial-orkut+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en.
