You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Ben Smith <be...@gmail.com> on 2009/02/04 11:48:13 UTC
GitHub Shindig
Hey all (and particularly @lryan),
I was just wondering if there was a way of making sure that
http://github.com/sgala/apache-incubator-shindig/tree/master is kept
up-to-date. It hasn't been updated since last year and I'd really find
it useful if we could rely on it.
No worries if it's too much of a pain.
Cheers,
Ben
Re: GitHub Shindig
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Wed, Feb 4, 2009 at 3:05 PM, Santiago Gala <sa...@gmail.com> wrote:
> Jukka, would it be possible to have an automatically updated clone of
> http://incubator.apache.org/shindig (trunk|tags|branches)?
Sure, the Shindig mirror is now up at
http://jukka.zitting.name/git/?p=shindig.git
> With or without authors file. I have one, I can't remember right now
> how are your scripts dealing with authors for ASF repositories.
My version of the authors file is available at
http://jukka.zitting.name/git/authors.txt. The script that generates
this file is at
http://github.com/jukka/apache-git-mirrors/blob/master/bin/update-authors.sh.
BR,
Jukka Zitting
Re: GitHub Shindig
Posted by Santiago Gala <sa...@gmail.com>.
Jukka, would it be possible to have an automatically updated clone of
http://incubator.apache.org/shindig (trunk|tags|branches)? With or
without authors file. I have one, I can't remember right now how are
your scripts dealing with authors for ASF repositories.
Thanks in Advance
Santiago
FYI (shinding-dev):
El mié, 04-02-2009 a las 10:48 +0000, Ben Smith escribió:
> Hey all (and particularly @lryan),
>
> I was just wondering if there was a way of making sure that
> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
> up-to-date. It hasn't been updated since last year and I'd really find
> it useful if we could rely on it.
>
> No worries if it's too much of a pain.
>
While the new mirror is set up, I have updated the three different
"pushes" I had from this mirror:
- the github one above
- The one at repo.or.cz ( http://repo.or.cz/w/shindig.git )
- The one at people.apache.org
( http://people.apache.org/~sgala/git/?p=shindig.git;a=summary )
Those were different attempts to see different clients in action. I
likee particularly the one at repo.or.cz, as it allows showing
differences between branches, something handy for code discussion.
OTOH, my conversion has a problem: I was not able to get the branch
working because of how it was set up, so it can't do proper differences
between branches. I'd like to either fix my import or see if the clone
produced by Jukka's scripts works across the tagging and branching.
> Cheers,
> Ben
Re: GitHub Shindig
Posted by Ben Smith <be...@gmail.com>.
Cheers Santiago, sounds good.
On 4/2/09 13:00, Santiago Gala wrote:
> El mié, 04-02-2009 a las 10:48 +0000, Ben Smith escribió:
>
>> Hey all (and particularly @lryan),
>>
>> I was just wondering if there was a way of making sure that
>> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
>> up-to-date. It hasn't been updated since last year and I'd really find
>> it useful if we could rely on it.
>>
>>
>
> It was my work during the early days of fighting for having some
> tolerance towards git in the ASF infrastructure. Those days are long
> gone...
>
> I can try to keep it current, but I think it is better to ask for a
> mirror in the semi-official setup that Jukka did, as documented here:
>
> http://jukkaz.wordpress.com/2008/07/31/git-clones-of-apache-codebases/
> http://jukka.zitting.name/git/
>
> He ensured that the mirrors are properly updated by a script, and those
> will be eventually migrated into the official infrastructure.
> Conversations about those issues are at infrastructure-dev@apache.org
>
> I'll ask for a mirror if nobody beats me to it. The only "special"
> configuration required is the authors file, to have real names instead
> of apache nicks, if required...
>
>
>
>> No worries if it's too much of a pain.
>>
>>
>
> It should be easy for Jukka, he has a semiautomated configuration. The
> one I did was relying on me pushing by hand. While I could run a script
> at people.apache.org pushing to github, I think there are ongoing
> conversations and there will be a meeting at ApacheCON Europe with
> github people to have some integration. I'd like to attend, but couldn't
> get any talk and can't afford it, so I doubt I will be there.
>
> Regards
> Santiago
>
>
>> Cheers,
>> Ben
>>
>
>
>
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>Nice. =)
>
>You might want to think about returning the oauth consumer key value
>along with the other parameters in OAuthValidatorResult. That way you
>can figure out which social network sent the user.
That's a good idea. I was thinking of doing something like that. I'll
add it.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
Nice. =)
You might want to think about returning the oauth consumer key value
along with the other parameters in OAuthValidatorResult. That way you
can figure out which social network sent the user.
On Fri, Feb 6, 2009 at 12:46 AM, Jordan Zimmerman <jo...@shop.com> wrote:
>>I'm having the same problem, I can't make the sample code working with
>>Shindig.
> I finally got it working. You can see my solution in the source of
> Mediated OpenSocial:
> http://code.google.com/p/mediated-opensocial/source/browse/trunk/config/
> src/com/shop/opensocial/mediated/shindig/util/OAuthValidatorImplementati
> on.java
>
> The important things I found:
>
> * You can't redirect from the URL used in the makeRequest() call. i.e.
> the URLs must match.
> * When passing the request URL to OAuthMessage, make sure the
> Querystring is removed.
> * Make sure the ConsumerSecret matches on both the gadget side and the
> server side.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>I'm having the same problem, I can't make the sample code working with
>Shindig.
I finally got it working. You can see my solution in the source of
Mediated OpenSocial:
http://code.google.com/p/mediated-opensocial/source/browse/trunk/config/
src/com/shop/opensocial/mediated/shindig/util/OAuthValidatorImplementati
on.java
The important things I found:
* You can't redirect from the URL used in the makeRequest() call. i.e.
the URLs must match.
* When passing the request URL to OAuthMessage, make sure the
Querystring is removed.
* Make sure the ConsumerSecret matches on both the gadget side and the
server side.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by jeremi joslin <je...@gmail.com>.
On Fri, Feb 6, 2009 at 05:42, Jordan Zimmerman <jo...@shop.com> wrote:
>>Most people do use query strings, and it does work.
> So, it doesn't create a security hole? I don't understand the encoding
> process enough to determine this.
>
> Unless I'm missing something, they'd all have to alter the sample code
> on the net. Or, maybe the sample code is wrong?
Hi,
I'm having the same problem, I can't make the sample code working with Shindig.
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
Did anyone manage to have it working?
Jeremi
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
On Thu, Feb 5, 2009 at 2:42 PM, Jordan Zimmerman <jo...@shop.com> wrote:
>>Most people do use query strings, and it does work.
> So, it doesn't create a security hole? I don't understand the encoding
> process enough to determine this.
The Shindig code promises that:
oauth/xoauth/opensocial parameters are controlled by the container,
not the gadget.
The other parameters on the request came from the gadget.
> Unless I'm missing something, they'd all have to alter the sample code
> on the net. Or, maybe the sample code is wrong?
It might be, but I doubt it.
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>Most people do use query strings, and it does work.
So, it doesn't create a security hole? I don't understand the encoding
process enough to determine this.
Unless I'm missing something, they'd all have to alter the sample code
on the net. Or, maybe the sample code is wrong?
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
On Thu, Feb 5, 2009 at 2:35 PM, Jordan Zimmerman <jo...@shop.com> wrote:
> Maybe most people aren't using querystrings in their makeRequest()
> calls? If they do, the Shindig implementation will not work with the
> sample verification code that I've seen.
Most people do use query strings, and it does work.
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>I doubt it's a bug, more likely misusage. The shindig oauth code
>interoperates with literally hundreds of OAuth service providers in at
>least four languages.
Isn't the target URL used to build the signature? If you strip off the
querystring you're creating a security hole. I'm probably wrong about
this as I don't have a complete understanding.
Maybe most people aren't using querystrings in their makeRequest()
calls? If they do, the Shindig implementation will not work with the
sample verification code that I've seen.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
On Thu, Feb 5, 2009 at 2:23 PM, Jordan Zimmerman <jo...@shop.com> wrote:
> I've found the problem. OAuthRequest.sanitizeAndSign() sets the target's
> query to null. So, the URL that gets bound into the OAuth message
> doesn't have a query string. This seems like a bug to me. The fix isn't
> simple, though, because all of the oauth parameters haven't been added
> yet.
I doubt it's a bug, more likely misusage. The shindig oauth code
interoperates with literally hundreds of OAuth service providers in at
least four languages.
(it definitely does not always strip the query string from outgoing requests.)
> Why are the oauth args being passed as URL parameters anyway? Wouldn't
> it be better to pass them in a header?
You can do that with the param_location attribute in the <OAuth> tag
in the gadget spec.
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>OK, that's a good start. Have a look at the signature base string
>being generated in the OAuth libraries, make sure they match on both
>sides. (Look in the HMAC_SHA1 class.)
I've found the problem. OAuthRequest.sanitizeAndSign() sets the target's
query to null. So, the URL that gets bound into the OAuth message
doesn't have a query string. This seems like a bug to me. The fix isn't
simple, though, because all of the oauth parameters haven't been added
yet.
Why are the oauth args being passed as URL parameters anyway? Wouldn't
it be better to pass them in a header?
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
OK, that's a good start. Have a look at the signature base string
being generated in the OAuth libraries, make sure they match on both
sides. (Look in the HMAC_SHA1 class.)
On Thu, Feb 5, 2009 at 1:39 PM, Jordan Zimmerman <jo...@shop.com> wrote:
> Sorry I didn't mention this, but I've already replaced the Shindig OAuth
> provider. I'm already binding my own OAuthStore and am using the same
> dummy OAuthConsumer there. I've verified that my dummy consumer key is
> getting set in the URL.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
>
> -----Original Message-----
> From: Brian Eaton [mailto:beaton@google.com]
> Sent: Thursday, February 05, 2009 1:36 PM
> To: shindig-dev@incubator.apache.org
> Subject: Re: signature_invalid
>
> On Thu, Feb 5, 2009 at 1:30 PM, Jordan Zimmerman <jo...@shop.com>
> wrote:
>>>You don't show how you are building the OAuthConsumer object.
>> Currently, I'm using dummy values. So, it's this:
>> new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
>
> OK, so you need to configure Shindig to use that same key. There is a
> file called config/oauth.json that maps gadgets to keys. There is an
> example of modifying that file in
> http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb6
> 28.
>
> config/oauth.json is not meant for production use. You need to
> replace it with your production data source, see OAuthModule.java, and
> some threads on shindig-dev about this in the past.
>
>>> Here's some doc you might find useful:
>> I tried the code in the wiki and it produces the same result:
>> signature_invalid
>
> In order for that code to work it needs to validating a signature from
> Orkut.
>
>> Where in the Shindig code does it build the signature? I've been
>> searching for it but haven't found it yet.
>
> Start in OAuthRequest.java.
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
Sorry I didn't mention this, but I've already replaced the Shindig OAuth
provider. I'm already binding my own OAuthStore and am using the same
dummy OAuthConsumer there. I've verified that my dummy consumer key is
getting set in the URL.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Brian Eaton [mailto:beaton@google.com]
Sent: Thursday, February 05, 2009 1:36 PM
To: shindig-dev@incubator.apache.org
Subject: Re: signature_invalid
On Thu, Feb 5, 2009 at 1:30 PM, Jordan Zimmerman <jo...@shop.com>
wrote:
>>You don't show how you are building the OAuthConsumer object.
> Currently, I'm using dummy values. So, it's this:
> new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
OK, so you need to configure Shindig to use that same key. There is a
file called config/oauth.json that maps gadgets to keys. There is an
example of modifying that file in
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb6
28.
config/oauth.json is not meant for production use. You need to
replace it with your production data source, see OAuthModule.java, and
some threads on shindig-dev about this in the past.
>> Here's some doc you might find useful:
> I tried the code in the wiki and it produces the same result:
> signature_invalid
In order for that code to work it needs to validating a signature from
Orkut.
> Where in the Shindig code does it build the signature? I've been
> searching for it but haven't found it yet.
Start in OAuthRequest.java.
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
On Thu, Feb 5, 2009 at 1:30 PM, Jordan Zimmerman <jo...@shop.com> wrote:
>>You don't show how you are building the OAuthConsumer object.
> Currently, I'm using dummy values. So, it's this:
> new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
OK, so you need to configure Shindig to use that same key. There is a
file called config/oauth.json that maps gadgets to keys. There is an
example of modifying that file in
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb628.
config/oauth.json is not meant for production use. You need to
replace it with your production data source, see OAuthModule.java, and
some threads on shindig-dev about this in the past.
>> Here's some doc you might find useful:
> I tried the code in the wiki and it produces the same result:
> signature_invalid
In order for that code to work it needs to validating a signature from Orkut.
> Where in the Shindig code does it build the signature? I've been
> searching for it but haven't found it yet.
Start in OAuthRequest.java.
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
>You don't show how you are building the OAuthConsumer object.
Currently, I'm using dummy values. So, it's this:
new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
> Here's some doc you might find useful:
I tried the code in the wiki and it produces the same result:
signature_invalid
Where in the Shindig code does it build the signature? I've been
searching for it but haven't found it yet.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Brian Eaton [mailto:beaton@google.com]
Sent: Thursday, February 05, 2009 12:57 PM
To: shindig-dev@incubator.apache.org
Subject: Re: signature_invalid
Hi Jordan -
Make sure you're using the right keys and secrets. You don't show how
you are building the OAuthConsumer object. There may be a bug in that
code.
Here's some doc you might find useful:
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb6
28
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
On Thu, Feb 5, 2009 at 12:48 PM, Jordan Zimmerman <jo...@shop.com>
wrote:
> Trying again...
>
> What is the correct way to validate the OAuth parameters from my
server
> (as part of a makeRequest() call)? Does Shindig expose an API for
this?
> I tried the code below but it doesn't work.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
>
> -----Original Message-----
> From: Jordan Zimmerman [mailto:jordanz@shop.com]
> Sent: Wednesday, February 04, 2009 11:40 AM
> To: shindig-dev@incubator.apache.org
> Subject: signature_invalid
>
> I'm trying to get OAuth working. My gadget is calling makeRequest()
with
> OAUTH authentication. When the request gets to my server all of the
> OAuth parameters are there. But, when I try to validate, I get an
> exception:
>
> net.oauth.OAuthProblemException: signature_invalid
> at
>
net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
> ava:67)
> at
>
net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
> va:103)
> at
>
net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
> :68)
>
> Here's my validation code:
>
> public boolean isValidOAuthQuery(OAuthConsumer consumer,
> HttpServletRequest request)
> {
> String requestURL = OAuthServlet.getRequestURL(request);
> OAuthMessage message = OAuthServlet.getMessage(request,
> requestURL);
> OAuthAccessor accessor = new OAuthAccessor(consumer);
> SimpleOAuthValidator validator = new SimpleOAuthValidator();
> try
> {
> validator.validateMessage(message, accessor);
> }
> catch ( Exception e )
> {
> e.printStackTrace();
> return false;
> }
> return true;
> }
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
Oh, also, the wiki example shows an RSA cert being used. I'm not using
that. As I understand that it isn't needed in the two-legged OAuth done
for makeRequest().
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Jordan Zimmerman
Sent: Thursday, February 05, 2009 1:31 PM
To: 'shindig-dev@incubator.apache.org'
Subject: RE: signature_invalid
>You don't show how you are building the OAuthConsumer object.
Currently, I'm using dummy values. So, it's this:
new OAuthConsumer(null, "ConsumerKey", "ConsumerSecret", null)
> Here's some doc you might find useful:
I tried the code in the wiki and it produces the same result:
signature_invalid
Where in the Shindig code does it build the signature? I've been
searching for it but haven't found it yet.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Brian Eaton [mailto:beaton@google.com]
Sent: Thursday, February 05, 2009 12:57 PM
To: shindig-dev@incubator.apache.org
Subject: Re: signature_invalid
Hi Jordan -
Make sure you're using the right keys and secrets. You don't show how
you are building the OAuthConsumer object. There may be a bug in that
code.
Here's some doc you might find useful:
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb6
28
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
On Thu, Feb 5, 2009 at 12:48 PM, Jordan Zimmerman <jo...@shop.com>
wrote:
> Trying again...
>
> What is the correct way to validate the OAuth parameters from my
server
> (as part of a makeRequest() call)? Does Shindig expose an API for
this?
> I tried the code below but it doesn't work.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
>
> -----Original Message-----
> From: Jordan Zimmerman [mailto:jordanz@shop.com]
> Sent: Wednesday, February 04, 2009 11:40 AM
> To: shindig-dev@incubator.apache.org
> Subject: signature_invalid
>
> I'm trying to get OAuth working. My gadget is calling makeRequest()
with
> OAUTH authentication. When the request gets to my server all of the
> OAuth parameters are there. But, when I try to validate, I get an
> exception:
>
> net.oauth.OAuthProblemException: signature_invalid
> at
>
net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
> ava:67)
> at
>
net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
> va:103)
> at
>
net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
> :68)
>
> Here's my validation code:
>
> public boolean isValidOAuthQuery(OAuthConsumer consumer,
> HttpServletRequest request)
> {
> String requestURL = OAuthServlet.getRequestURL(request);
> OAuthMessage message = OAuthServlet.getMessage(request,
> requestURL);
> OAuthAccessor accessor = new OAuthAccessor(consumer);
> SimpleOAuthValidator validator = new SimpleOAuthValidator();
> try
> {
> validator.validateMessage(message, accessor);
> }
> catch ( Exception e )
> {
> e.printStackTrace();
> return false;
> }
> return true;
> }
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: signature_invalid
Posted by Brian Eaton <be...@google.com>.
Hi Jordan -
Make sure you're using the right keys and secrets. You don't show how
you are building the OAuthConsumer object. There may be a bug in that
code.
Here's some doc you might find useful:
http://groups.google.com/group/oauth/browse_thread/thread/5dea93b44dbbb628
http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
On Thu, Feb 5, 2009 at 12:48 PM, Jordan Zimmerman <jo...@shop.com> wrote:
> Trying again...
>
> What is the correct way to validate the OAuth parameters from my server
> (as part of a makeRequest() call)? Does Shindig expose an API for this?
> I tried the code below but it doesn't work.
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
>
>
> -----Original Message-----
> From: Jordan Zimmerman [mailto:jordanz@shop.com]
> Sent: Wednesday, February 04, 2009 11:40 AM
> To: shindig-dev@incubator.apache.org
> Subject: signature_invalid
>
> I'm trying to get OAuth working. My gadget is calling makeRequest() with
> OAUTH authentication. When the request gets to my server all of the
> OAuth parameters are there. But, when I try to validate, I get an
> exception:
>
> net.oauth.OAuthProblemException: signature_invalid
> at
> net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
> ava:67)
> at
> net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
> va:103)
> at
> net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
> :68)
>
> Here's my validation code:
>
> public boolean isValidOAuthQuery(OAuthConsumer consumer,
> HttpServletRequest request)
> {
> String requestURL = OAuthServlet.getRequestURL(request);
> OAuthMessage message = OAuthServlet.getMessage(request,
> requestURL);
> OAuthAccessor accessor = new OAuthAccessor(consumer);
> SimpleOAuthValidator validator = new SimpleOAuthValidator();
> try
> {
> validator.validateMessage(message, accessor);
> }
> catch ( Exception e )
> {
> e.printStackTrace();
> return false;
> }
> return true;
> }
>
> Jordan Zimmerman
> Principal Software Architect
> 831.647.4712
> 831.214.2990 (cell)
> jordanz@shop.com
>
> SHOP*COMTM
> All your favorite stores.
> OneCart(r) convenience.
> www.shop.com
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
> This message (including any attachments) is intended only for
> the use of the individual or entity to which it is addressed and
> may contain information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified
> that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this
> message
> immediately if this is an electronic communication.
>
> Thank you.
>
RE: signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
Trying again...
What is the correct way to validate the OAuth parameters from my server
(as part of a makeRequest() call)? Does Shindig expose an API for this?
I tried the code below but it doesn't work.
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
-----Original Message-----
From: Jordan Zimmerman [mailto:jordanz@shop.com]
Sent: Wednesday, February 04, 2009 11:40 AM
To: shindig-dev@incubator.apache.org
Subject: signature_invalid
I'm trying to get OAuth working. My gadget is calling makeRequest() with
OAUTH authentication. When the request gets to my server all of the
OAuth parameters are there. But, when I try to validate, I get an
exception:
net.oauth.OAuthProblemException: signature_invalid
at
net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
ava:67)
at
net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
va:103)
at
net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
:68)
Here's my validation code:
public boolean isValidOAuthQuery(OAuthConsumer consumer,
HttpServletRequest request)
{
String requestURL = OAuthServlet.getRequestURL(request);
OAuthMessage message = OAuthServlet.getMessage(request,
requestURL);
OAuthAccessor accessor = new OAuthAccessor(consumer);
SimpleOAuthValidator validator = new SimpleOAuthValidator();
try
{
validator.validateMessage(message, accessor);
}
catch ( Exception e )
{
e.printStackTrace();
return false;
}
return true;
}
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
signature_invalid
Posted by Jordan Zimmerman <jo...@shop.com>.
I'm trying to get OAuth working. My gadget is calling makeRequest() with
OAUTH authentication. When the request gets to my server all of the
OAuth parameters are there. But, when I try to validate, I get an
exception:
net.oauth.OAuthProblemException: signature_invalid
at
net.oauth.signature.OAuthSignatureMethod.validate(OAuthSignatureMethod.j
ava:67)
at
net.oauth.SimpleOAuthValidator.validateSignature(SimpleOAuthValidator.ja
va:103)
at
net.oauth.SimpleOAuthValidator.validateMessage(SimpleOAuthValidator.java
:68)
Here's my validation code:
public boolean isValidOAuthQuery(OAuthConsumer consumer,
HttpServletRequest request)
{
String requestURL = OAuthServlet.getRequestURL(request);
OAuthMessage message = OAuthServlet.getMessage(request,
requestURL);
OAuthAccessor accessor = new OAuthAccessor(consumer);
SimpleOAuthValidator validator = new SimpleOAuthValidator();
try
{
validator.validateMessage(message, accessor);
}
catch ( Exception e )
{
e.printStackTrace();
return false;
}
return true;
}
Jordan Zimmerman
Principal Software Architect
831.647.4712
831.214.2990 (cell)
jordanz@shop.com
SHOP*COMTM
All your favorite stores.
OneCart(r) convenience.
www.shop.com
This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this
message
immediately if this is an electronic communication.
Thank you.
Re: GitHub Shindig
Posted by Santiago Gala <sa...@gmail.com>.
El mié, 04-02-2009 a las 10:48 +0000, Ben Smith escribió:
> Hey all (and particularly @lryan),
>
> I was just wondering if there was a way of making sure that
> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
> up-to-date. It hasn't been updated since last year and I'd really find
> it useful if we could rely on it.
>
It was my work during the early days of fighting for having some
tolerance towards git in the ASF infrastructure. Those days are long
gone...
I can try to keep it current, but I think it is better to ask for a
mirror in the semi-official setup that Jukka did, as documented here:
http://jukkaz.wordpress.com/2008/07/31/git-clones-of-apache-codebases/
http://jukka.zitting.name/git/
He ensured that the mirrors are properly updated by a script, and those
will be eventually migrated into the official infrastructure.
Conversations about those issues are at infrastructure-dev@apache.org
I'll ask for a mirror if nobody beats me to it. The only "special"
configuration required is the authors file, to have real names instead
of apache nicks, if required...
> No worries if it's too much of a pain.
>
It should be easy for Jukka, he has a semiautomated configuration. The
one I did was relying on me pushing by hand. While I could run a script
at people.apache.org pushing to github, I think there are ongoing
conversations and there will be a meeting at ApacheCON Europe with
github people to have some integration. I'd like to attend, but couldn't
get any talk and can't afford it, so I doubt I will be there.
Regards
Santiago
> Cheers,
> Ben
Re: GitHub Shindig
Posted by Santiago Gala <sa...@gmail.com>.
Jukka, would it be possible to have an automatically updated clone of
http://incubator.apache.org/shindig (trunk|tags|branches)? With or
without authors file. I have one, I can't remember right now how are
your scripts dealing with authors for ASF repositories.
Thanks in Advance
Santiago
FYI (shinding-dev):
El mié, 04-02-2009 a las 10:48 +0000, Ben Smith escribió:
> Hey all (and particularly @lryan),
>
> I was just wondering if there was a way of making sure that
> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
> up-to-date. It hasn't been updated since last year and I'd really find
> it useful if we could rely on it.
>
> No worries if it's too much of a pain.
>
While the new mirror is set up, I have updated the three different
"pushes" I had from this mirror:
- the github one above
- The one at repo.or.cz ( http://repo.or.cz/w/shindig.git )
- The one at people.apache.org
( http://people.apache.org/~sgala/git/?p=shindig.git;a=summary )
Those were different attempts to see different clients in action. I
likee particularly the one at repo.or.cz, as it allows showing
differences between branches, something handy for code discussion.
OTOH, my conversion has a problem: I was not able to get the branch
working because of how it was set up, so it can't do proper differences
between branches. I'd like to either fix my import or see if the clone
produced by Jukka's scripts works across the tagging and branching.
> Cheers,
> Ben
Re: GitHub Shindig
Posted by Ben Smith <be...@gmail.com>.
Sorry, you're right, it's just that the last imported commit was from
Louis Ryan ;)
Chris Chabot wrote:
> Santiago Gala would probably know more about this
>
> On Wed, Feb 4, 2009 at 11:48 AM, Ben Smith <be...@gmail.com> wrote:
>
>
>> Hey all (and particularly @lryan),
>>
>> I was just wondering if there was a way of making sure that
>> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
>> up-to-date. It hasn't been updated since last year and I'd really find it
>> useful if we could rely on it.
>>
>> No worries if it's too much of a pain.
>>
>> Cheers,
>> Ben
>>
>>
>
>
Re: GitHub Shindig
Posted by Chris Chabot <ch...@google.com>.
Santiago Gala would probably know more about this
On Wed, Feb 4, 2009 at 11:48 AM, Ben Smith <be...@gmail.com> wrote:
> Hey all (and particularly @lryan),
>
> I was just wondering if there was a way of making sure that
> http://github.com/sgala/apache-incubator-shindig/tree/master is kept
> up-to-date. It hasn't been updated since last year and I'd really find it
> useful if we could rely on it.
>
> No worries if it's too much of a pain.
>
> Cheers,
> Ben
>