Thanks for the reply. I looked over the documentation you gave it to me, and I have some problems validating signed requests. I see there are 2 methods for doing this, HMAC-SHA1 and RSA-SHA1. I tested the RSA-SHA1 example, and it worked fine, but I didn't figure it out how certificates work and where to get one. The second one, HMAC-SHA1, sound more familiar to me, so I obtained the OAuth_Consumer_Key and OAuth_Consumer_Secret ( through gadget ownership verification ) for my application. So far, so good, but when I make a javascript signed request, the OAuth class fails to validate it. I looked over the POST variables and I noticed that oauth_signature_method was "RSA-SHA1". Is there a way to change the auth_signature_method to "HMAC-SHA1", or I'm just doing it wrong?
Here is the server-side code: $consumer = new OAuthConsumer( $OAuth_Consumer_Key, $OAuth_Consumer_Secret ); //Build a request object from the current request $request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST)); //Initialize the new signature method $signature_method = new OAuthSignatureMethod_HMAC_SHA1(); //Check the request signature @$signature_valid = $signature_method->check_signature($request, $consumer, null, $_GET["oauth_signature"]); //Build the output object $payload = array(); if ($signature_valid == true) { $payload["validated"] = "Success! The data was validated"; } else { $payload["validated"] = "This request was spoofed"; } //Add extra parameters to help debugging $payload["query"] = array_merge($_GET, $_POST); $payload["rawpost"] = file_get_contents("php://input"); //Return the response as JSON print(json_encode($payload)); -- You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-or...@googlegroups.com. To unsubscribe from this group, send email to opensocial-orkut+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en.