You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Brian Eaton <be...@google.com> on 2008/10/07 20:40:56 UTC

Re: [opensocial-and-gadgets-spec] Re: OAuth params question

On Fri, Oct 3, 2008 at 10:46 AM, Eiji Kitamura <ag...@gmail.com> wrote:
> The spec still says that public key is presented with
> xoauth_public_key while Brian recommends and Shindig's actually using
> xoauth_signature_publickey. Which way should we go?

Shindig should switch to xoauth_public_key.

>> Is this still case?
>> Shindig implements it on "http://container-hostname/public.cer" (on PHP).
>>
>> I can't find public key for iGoogle which xoauth_signature_publickey
>> is pub.1199819524.-1556113204990931254.cer I received via OAuth
>> request. Key on following page didn't work:
>> https://sites.google.com/site/oauthgoog/oauth-proxy

iGoogle and Orkut haven't implemented that part of the opensocial spec.

Re: [opensocial-and-gadgets-spec] Re: OAuth params question

Posted by Eiji Kitamura <ag...@gmail.com>.

Hi Brian,


2008/10/8 Brian Eaton <be...@google.com>:
> On Fri, Oct 3, 2008 at 10:46 AM, Eiji Kitamura <ag...@gmail.com> wrote:
>> The spec still says that public key is presented with
>> xoauth_public_key while Brian recommends and Shindig's actually using
>> xoauth_signature_publickey. Which way should we go?
>
> Shindig should switch to xoauth_public_key.

In the same thread you told me that:

On Tue, Sep 16, 2008 at 11:26 PM, Eiji Kitamura <ag...@gmail.com> wrote:
>> [2] xoauth_public_key
>>
>> According to following proposal:
>> http://dirk.balfanz.googlepages.com/oauth_key_rotation.html
>>
>> Public Key Identifier should be specified using "xoauth_public_key".
>> Same on google code gadgets site.
>> But actual implementation in Shindig seems like using
>> "xoauth_signature_publickey".
>>
>> Which is correct or should they be treated differently?
>
> I think we should change the spec to use xoauth_signature_publickey,
> since that's what real world implementations have done.  If there's
> consensus on shindig-dev I'll send that proposal to the spec list.

Is xoauth_public_key the last answer? :)


>>> Is this still case?
>>> Shindig implements it on "http://container-hostname/public.cer" (on PHP).
>>>
>>> I can't find public key for iGoogle which xoauth_signature_publickey
>>> is pub.1199819524.-1556113204990931254.cer I received via OAuth
>>> request. Key on following page didn't work:
>>> https://sites.google.com/site/oauthgoog/oauth-proxy
>
> iGoogle and Orkut haven't implemented that part of the opensocial spec.
>

OK. I understand that
https://container-hostname/opensocial/certificates/xoauth_public_keyvalue
is the right place to hold public key in terms of specification and is
still not implemented in shindig.