You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by ヨンニ　ベリィストロム <jo...@unigent.jp> on 2010/04/28 10:24:41 UTC

Failed secure makeRequest

I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1 
week old copy).

I haven't been able to use SIGNED authorization with gadgets.io.makeRequest.

Unsigned works well, I'm using the JSON contenttype.


With signed, I tried to set up public/private key files like described 
in /shindig/certs/README, I get the files and everything + add the pass 
phrase into the 'private_key_phrase' in (and local.php), but the server 
responds with error 500, "INVALID_GADGET_TOKEN".

Could someone point me to some setup instructions?

Thank you

/Jonny

Re: Failed secure makeRequest

Posted by ヨンニ　ベリィストロム <jo...@unigent.jp>.

I don't mind monologs :-)

I sorted it out, this was the page I was looking for, explains it in a 
nice way: 
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests

Turned out I accidentally added an extra tab inside the public key.  :-( 
*slaps forehead*

ヨンニ　ベリィストロム wrote:
> With PHP, I'm using the class OAuthSignatureMethod_RSA_SHA1, but the 
> check_signature() function always returns false (signature failed).
> The service provider is sent these parameters:
>
> Array
> (
>    [oauth_version] => 1.0
>    [oauth_nonce] => e2ef1ee7a45c112680d5d835f15dbdf5
>    [oauth_timestamp] => 1272453429
>    [oauth_consumer_key] => default
>    [opensocial_owner_id] => 1
>    [opensocial_viewer_id] => 1
>    [opensocial_app_id] => 1
>    [opensocial_app_url] => http://theappurl/gadget.xml
>    [oauth_token] =>
>    [xoauth_signature_publickey] => http://newshindig/public.cer
>    [xoauth_public_key] => http://newshindig/public.cer
>    [oauth_signature_method] => RSA-SHA1
>    [oauth_signature] => averylongstringwithrandomchars
> )
>
> oauth_token is empty, is that ok or a problem?
> Is any other required data missing?
>
>
> ヨンニ　ベリィストロム wrote:
>> Not sure what you mean by the security token - but I've made some 
>> progress here, it doesn't end with error anymore, and a request is 
>> successfully (?) sent to the application server.
>> I haven't figured out how to sign it successfully there yet.
>>
>>
>> Evgeny Bogdanov wrote:
>>> What is the security token, that you use?
>>>
>>> On 28.04.10 10:24, ヨンニ　ベリィストロム wrote:
>>>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>>>> week old copy).
>>>>
>>>> I haven't been able to use SIGNED authorization with 
>>>> gadgets.io.makeRequest.
>>>>
>>>> Unsigned works well, I'm using the JSON contenttype.
>>>>
>>>>
>>>> With signed, I tried to set up public/private key files like described
>>>> in /shindig/certs/README, I get the files and everything + add the 
>>>> pass
>>>> phrase into the 'private_key_phrase' in (and local.php), but the 
>>>> server
>>>> responds with error 500, "INVALID_GADGET_TOKEN".
>>>>
>>>> Could someone point me to some setup instructions?
>>>>
>>>> Thank you
>>>>
>>>> /Jonny
>>>>    
>
>
>

Re: Failed secure makeRequest

Posted by ヨンニ　ベリィストロム <jo...@unigent.jp>.

With PHP, I'm using the class OAuthSignatureMethod_RSA_SHA1, but the 
check_signature() function always returns false (signature failed).
The service provider is sent these parameters:

Array
(
    [oauth_version] => 1.0
    [oauth_nonce] => e2ef1ee7a45c112680d5d835f15dbdf5
    [oauth_timestamp] => 1272453429
    [oauth_consumer_key] => default
    [opensocial_owner_id] => 1
    [opensocial_viewer_id] => 1
    [opensocial_app_id] => 1
    [opensocial_app_url] => http://theappurl/gadget.xml
    [oauth_token] =>
    [xoauth_signature_publickey] => http://newshindig/public.cer
    [xoauth_public_key] => http://newshindig/public.cer
    [oauth_signature_method] => RSA-SHA1
    [oauth_signature] => averylongstringwithrandomchars
)

oauth_token is empty, is that ok or a problem?
Is any other required data missing?


ヨンニ　ベリィストロム wrote:
> Not sure what you mean by the security token - but I've made some 
> progress here, it doesn't end with error anymore, and a request is 
> successfully (?) sent to the application server.
> I haven't figured out how to sign it successfully there yet.
>
>
> Evgeny Bogdanov wrote:
>> What is the security token, that you use?
>>
>> On 28.04.10 10:24, ヨンニ　ベリィストロム wrote:
>>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>>> week old copy).
>>>
>>> I haven't been able to use SIGNED authorization with 
>>> gadgets.io.makeRequest.
>>>
>>> Unsigned works well, I'm using the JSON contenttype.
>>>
>>>
>>> With signed, I tried to set up public/private key files like described
>>> in /shindig/certs/README, I get the files and everything + add the pass
>>> phrase into the 'private_key_phrase' in (and local.php), but the server
>>> responds with error 500, "INVALID_GADGET_TOKEN".
>>>
>>> Could someone point me to some setup instructions?
>>>
>>> Thank you
>>>
>>> /Jonny
>>>

Re: Failed secure makeRequest

Posted by ヨンニ　ベリィストロム <jo...@unigent.jp>.

Not sure what you mean by the security token - but I've made some 
progress here, it doesn't end with error anymore, and a request is 
successfully (?) sent to the application server.
I haven't figured out how to sign it successfully there yet.


Evgeny Bogdanov wrote:
> What is the security token, that you use?
>
> On 28.04.10 10:24, ヨンニ　ベリィストロム wrote:
>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>> week old copy).
>>
>> I haven't been able to use SIGNED authorization with 
>> gadgets.io.makeRequest.
>>
>> Unsigned works well, I'm using the JSON contenttype.
>>
>>
>> With signed, I tried to set up public/private key files like described
>> in /shindig/certs/README, I get the files and everything + add the pass
>> phrase into the 'private_key_phrase' in (and local.php), but the server
>> responds with error 500, "INVALID_GADGET_TOKEN".
>>
>> Could someone point me to some setup instructions?
>>
>> Thank you
>>
>> /Jonny
>>    
>
>

Re: Failed secure makeRequest

Posted by Evgeny Bogdanov <ev...@epfl.ch>.

What is the security token, that you use?

On 28.04.10 10:24, ヨンニ　ベリィストロム wrote:
> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
> week old copy).
>
> I haven't been able to use SIGNED authorization with gadgets.io.makeRequest.
>
> Unsigned works well, I'm using the JSON contenttype.
>
>
> With signed, I tried to set up public/private key files like described
> in /shindig/certs/README, I get the files and everything + add the pass
> phrase into the 'private_key_phrase' in (and local.php), but the server
> responds with error 500, "INVALID_GADGET_TOKEN".
>
> Could someone point me to some setup instructions?
>
> Thank you
>
> /Jonny
>