You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by ヨンニ ベリィストロム <jo...@unigent.jp> on 2010/04/28 10:24:41 UTC
Failed secure makeRequest
I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
week old copy).
I haven't been able to use SIGNED authorization with gadgets.io.makeRequest.
Unsigned works well, I'm using the JSON contenttype.
With signed, I tried to set up public/private key files like described
in /shindig/certs/README, I get the files and everything + add the pass
phrase into the 'private_key_phrase' in (and local.php), but the server
responds with error 500, "INVALID_GADGET_TOKEN".
Could someone point me to some setup instructions?
Thank you
/Jonny
Re: Failed secure makeRequest
Posted by ヨンニ ベリィストロム <jo...@unigent.jp>.
I don't mind monologs :-)
I sorted it out, this was the page I was looking for, explains it in a
nice way:
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
Turned out I accidentally added an extra tab inside the public key. :-(
*slaps forehead*
ヨンニ ベリィストロム wrote:
> With PHP, I'm using the class OAuthSignatureMethod_RSA_SHA1, but the
> check_signature() function always returns false (signature failed).
> The service provider is sent these parameters:
>
> Array
> (
> [oauth_version] => 1.0
> [oauth_nonce] => e2ef1ee7a45c112680d5d835f15dbdf5
> [oauth_timestamp] => 1272453429
> [oauth_consumer_key] => default
> [opensocial_owner_id] => 1
> [opensocial_viewer_id] => 1
> [opensocial_app_id] => 1
> [opensocial_app_url] => http://theappurl/gadget.xml
> [oauth_token] =>
> [xoauth_signature_publickey] => http://newshindig/public.cer
> [xoauth_public_key] => http://newshindig/public.cer
> [oauth_signature_method] => RSA-SHA1
> [oauth_signature] => averylongstringwithrandomchars
> )
>
> oauth_token is empty, is that ok or a problem?
> Is any other required data missing?
>
>
> ヨンニ ベリィストロム wrote:
>> Not sure what you mean by the security token - but I've made some
>> progress here, it doesn't end with error anymore, and a request is
>> successfully (?) sent to the application server.
>> I haven't figured out how to sign it successfully there yet.
>>
>>
>> Evgeny Bogdanov wrote:
>>> What is the security token, that you use?
>>>
>>> On 28.04.10 10:24, ヨンニ ベリィストロム wrote:
>>>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>>>> week old copy).
>>>>
>>>> I haven't been able to use SIGNED authorization with
>>>> gadgets.io.makeRequest.
>>>>
>>>> Unsigned works well, I'm using the JSON contenttype.
>>>>
>>>>
>>>> With signed, I tried to set up public/private key files like described
>>>> in /shindig/certs/README, I get the files and everything + add the
>>>> pass
>>>> phrase into the 'private_key_phrase' in (and local.php), but the
>>>> server
>>>> responds with error 500, "INVALID_GADGET_TOKEN".
>>>>
>>>> Could someone point me to some setup instructions?
>>>>
>>>> Thank you
>>>>
>>>> /Jonny
>>>>
>
>
>
Re: Failed secure makeRequest
Posted by ヨンニ ベリィストロム <jo...@unigent.jp>.
With PHP, I'm using the class OAuthSignatureMethod_RSA_SHA1, but the
check_signature() function always returns false (signature failed).
The service provider is sent these parameters:
Array
(
[oauth_version] => 1.0
[oauth_nonce] => e2ef1ee7a45c112680d5d835f15dbdf5
[oauth_timestamp] => 1272453429
[oauth_consumer_key] => default
[opensocial_owner_id] => 1
[opensocial_viewer_id] => 1
[opensocial_app_id] => 1
[opensocial_app_url] => http://theappurl/gadget.xml
[oauth_token] =>
[xoauth_signature_publickey] => http://newshindig/public.cer
[xoauth_public_key] => http://newshindig/public.cer
[oauth_signature_method] => RSA-SHA1
[oauth_signature] => averylongstringwithrandomchars
)
oauth_token is empty, is that ok or a problem?
Is any other required data missing?
ヨンニ ベリィストロム wrote:
> Not sure what you mean by the security token - but I've made some
> progress here, it doesn't end with error anymore, and a request is
> successfully (?) sent to the application server.
> I haven't figured out how to sign it successfully there yet.
>
>
> Evgeny Bogdanov wrote:
>> What is the security token, that you use?
>>
>> On 28.04.10 10:24, ヨンニ ベリィストロム wrote:
>>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>>> week old copy).
>>>
>>> I haven't been able to use SIGNED authorization with
>>> gadgets.io.makeRequest.
>>>
>>> Unsigned works well, I'm using the JSON contenttype.
>>>
>>>
>>> With signed, I tried to set up public/private key files like described
>>> in /shindig/certs/README, I get the files and everything + add the pass
>>> phrase into the 'private_key_phrase' in (and local.php), but the server
>>> responds with error 500, "INVALID_GADGET_TOKEN".
>>>
>>> Could someone point me to some setup instructions?
>>>
>>> Thank you
>>>
>>> /Jonny
>>>
Re: Failed secure makeRequest
Posted by ヨンニ ベリィストロム <jo...@unigent.jp>.
Not sure what you mean by the security token - but I've made some
progress here, it doesn't end with error anymore, and a request is
successfully (?) sent to the application server.
I haven't figured out how to sign it successfully there yet.
Evgeny Bogdanov wrote:
> What is the security token, that you use?
>
> On 28.04.10 10:24, ヨンニ ベリィストロム wrote:
>> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
>> week old copy).
>>
>> I haven't been able to use SIGNED authorization with
>> gadgets.io.makeRequest.
>>
>> Unsigned works well, I'm using the JSON contenttype.
>>
>>
>> With signed, I tried to set up public/private key files like described
>> in /shindig/certs/README, I get the files and everything + add the pass
>> phrase into the 'private_key_phrase' in (and local.php), but the server
>> responds with error 500, "INVALID_GADGET_TOKEN".
>>
>> Could someone point me to some setup instructions?
>>
>> Thank you
>>
>> /Jonny
>>
>
>
Re: Failed secure makeRequest
Posted by Evgeny Bogdanov <ev...@epfl.ch>.
What is the security token, that you use?
On 28.04.10 10:24, ヨンニ ベリィストロム wrote:
> I'm using the latest (php) Shindig/Partuza from the trunk (well, ~ 1
> week old copy).
>
> I haven't been able to use SIGNED authorization with gadgets.io.makeRequest.
>
> Unsigned works well, I'm using the JSON contenttype.
>
>
> With signed, I tried to set up public/private key files like described
> in /shindig/certs/README, I get the files and everything + add the pass
> phrase into the 'private_key_phrase' in (and local.php), but the server
> responds with error 500, "INVALID_GADGET_TOKEN".
>
> Could someone point me to some setup instructions?
>
> Thank you
>
> /Jonny
>