Posted to dev@shindig.apache.org by Loic Dachary <lo...@dachary.org> on 2009/07/03 09:39:21 UTC

opensocial-php-client/examples/appData.php : two legged variation ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've been able to play with
http://pokersource.info/opensocial-php-client/examples/appData.php?test=partuza
and modify the application data of all the installed applications of my
account at http://partuza.nl/ :-)

Unless I'm mistaken, this example uses a three legged OAuth dialog (
i.e. I'm redirected to partuza.nl and required to login before it
works and the appData.php code has access to the app data of all the
installed applications, not just a designated application ).

I would be most interested in a two legged variation where I would set
the consumer key and secret ( as found in the page describing the
installed application on my partuza.nl account ). I could try to guess
a sensible set of api calls that would accomplish this. But I'm
currently in a great state of confusion regarding the OAuth
implementation/logic and a working example would bring some stability
in my world ;-)

Thanks in advance
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpNtakACgkQ8dLMyEl6F22+WwCeOkrVRVMUjXPLcP4+FZ+iSHCg
dGMAoKMvFwsujkIdzBMlsUToWK2wAbjl
=8KST
-----END PGP SIGNATURE-----


Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Loic Dachary <lo...@dachary.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Loic Dachary wrote:
>
>> I've committed a fix to partuza's 1.0 release branch, however I
>> haven't rolled it up in a release yet since I haven't had the
>> chance to test it, however if you do have a moment for that you
>> could check it out:
>>
> http://code.google.com/p/partuza/source/diff?spec=svn247&r=247&format=side&path=/branches/partuza-1.0/Shindig/PartuzaOAuthLookupService.php
>
>
> That worked and I now have a different error message that says:
>
>
> ( ! ) osapiAuthError: Authentication error: The request did not
> have a proper security token nor oauth message and unauthenticated
> requests are not allowed in
> /var/www/opensocial-php-client/osapi/io/osapiRpcIO.php on line 59
> Call Stack
> #    Time    Memory    Function    Location
> 1    0.0003    76180    {main}( )    ../appData.php:0
> 2    0.0195    1579904    osapiBatch->execute( )    ../appData.php:116
> 3    0.0195    1579904    osapiRpcIO::sendBatch( )    ../osapiBatch.php:60
>
> I double checked that the call
>
> $osapi = new osapi($provider, new
> osapiOAuth2Legged('deedc0e4-dbcd-cbc8-a5e2-dadafae0d4d8',
> '282ce3c8e43576efe6d216da3e37\ a359l', 1));
>
> has valid key / secret for the application and that 1 is a valid
> user id.
>
> I'll keep digging.
I found a source of error : the shindig server sits behind a reverse
proxy. It uses a host name to build the base_string of the signature
that's different from the public name of the web site.

More later.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpZ5pcACgkQ8dLMyEl6F20WoACggiKa109hdg8iXClhL7EQtEMW
wxYAn0mNqTTcAK+l6MAfQLwm2aQkCTWV
=9N1z
-----END PGP SIGNATURE-----
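
The host-name mismatch described in the message above, as an added example that is not part of the original thread or of the Shindig, Partuza or opensocial-php-client code: an OAuth 1.0 HMAC-SHA1 signature covers the request URL, so a backend that rebuilds the URL from its internal host name computes a different base string and rejects a correctly signed request. The host names, path, key, secret and nonce are constructed, and the canonical-host setting is a hypothetical configuration value.

```php
<?php
// Added example, not from the thread. Hosts, path, key, secret and nonce are constructed.

// OAuth 1.0 signature base string: METHOD & encoded URL & encoded sorted parameters.
function baseString(string $method, string $scheme, string $host,
                    string $path, array $params): string {
    ksort($params, SORT_STRING);
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = rawurlencode($name) . '=' . rawurlencode($value);
    }
    $url = strtolower($scheme) . '://' . strtolower($host) . $path;
    return strtoupper($method) . '&' . rawurlencode($url)
         . '&' . rawurlencode(implode('&', $pairs));
}

// HMAC-SHA1 with a two-legged key: consumer secret, '&', empty token secret.
function sign(string $base, string $consumerSecret): string {
    $key = rawurlencode($consumerSecret) . '&';
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Server-side check; $host is the name the server believes it was called by.
function verify(string $presented, string $host, string $path,
                array $params, string $secret): bool {
    $expected = sign(baseString('POST', 'http', $host, $path, $params), $secret);
    return hash_equals($expected, $presented); // constant-time comparison
}

$params = [
    'oauth_consumer_key'     => 'constructed-consumer-key',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1246865781',
    'oauth_version'          => '1.0',
];
$secret = 'constructed-consumer-secret';
$path   = '/social/rpc'; // assumed endpoint path

// The client signs the URL it actually requests: the public name of the site.
$signature = sign(baseString('POST', 'http', 'social.example.org', $path, $params), $secret);

// Backend behind the reverse proxy rebuilds the URL from its internal host name.
$internal = verify($signature, 'backend.internal:8080', $path, $params, $secret);

// Backend rebuilds the URL from a canonical public host taken from its own
// configuration (hypothetical setting), not from a header a client could supply.
$canonical = verify($signature, 'social.example.org', $path, $params, $secret);

printf("internal host name: %s\n", $internal ? 'signature accepted' : 'signature rejected');
printf("canonical public host: %s\n", $canonical ? 'signature accepted' : 'signature rejected');
```

Logging the base string on both sides and comparing the two is the quickest way to confirm this kind of mismatch, since the first differing component (scheme, host, port or path) is visible directly.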


Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Loic Dachary <lo...@dachary.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>
> I've committed a fix to partuza's 1.0 release branch, however I
> haven't rolled it up in a release yet since I haven't had the
> chance to test it, however if you do have a moment for that you
> could check it out:
> http://code.google.com/p/partuza/source/diff?spec=svn247&r=247&format=side&path=/branches/partuza-1.0/Shindig/PartuzaOAuthLookupService.php
>
That worked and I now have a different error message that says:


( ! ) osapiAuthError: Authentication error: The request did not have a
proper security token nor oauth message and unauthenticated requests
are not allowed in
/var/www/opensocial-php-client/osapi/io/osapiRpcIO.php on line 59
Call Stack
#    Time    Memory    Function    Location
1    0.0003    76180    {main}( )    ../appData.php:0
2    0.0195    1579904    osapiBatch->execute( )    ../appData.php:116
3    0.0195    1579904    osapiRpcIO::sendBatch( )    ../osapiBatch.php:60

I double checked that the call

$osapi = new osapi($provider, new
osapiOAuth2Legged('deedc0e4-dbcd-cbc8-a5e2-dadafae0d4d8',
'282ce3c8e43576efe6d216da3e37\
a359l', 1));

has valid key / secret for the application and that 1 is a valid user id.

I'll keep digging.

Cheers

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpZ2JUACgkQ8dLMyEl6F23SbQCaAvKAx5enHfix/1Hi08c6iNEC
f/IAoII6g+L0YH4EbofPFuzF99YgmgBj
=78C+
-----END PGP SIGNATURE-----


Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Chris Chabot <ch...@google.com>.
On Mon, Jul 6, 2009 at 9:36 PM, Loic Dachary <lo...@dachary.org> wrote:

> Is there a simple minded fix I can apply (like fixing the prototype &
> ignore the implications) ? Or is it a deeper problem ?
>

I've committed a fix to partuza's 1.0 release branch, however I haven't
rolled it up in a release yet since I haven't had the chance to test it,
however if you do have a moment for that you could check it out:
http://code.google.com/p/partuza/source/diff?spec=svn247&r=247&format=side&path=/branches/partuza-1.0/Shindig/PartuzaOAuthLookupService.php

If that doesn't work and you need to get it up and running asap, just remove
the $contentType param and the check if the $contentType is in the
$acceptedTypes.

The reasoning behind the change is that php shindig allowed raw post data to
be used in oauth signatures no matter what content type it had (using the
raw post), so even if it's a form-url-encoded post. However many languages
(like java) don't give you programmatic access to the raw post body if it's
'a form post' .. so for consistency's sake I've added those content type
checks.

So removing the check won't break anything at all, it'll just stop it from
complaining if you use the wrong content type in a post :)

  -- Chris

Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Loic Dachary <lo...@dachary.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Chabot wrote:
> Ouwcha, yeah that would be my mistake. There were some
> incompatibilities in the social API between shindig 1.0 and partuza
> trunk, so I took the last working revision and called that
> partuza-1.0. And while that did cover for the social api changes, I
> forgot to check the OAuth interface it seems!

I'm glad it's not my fault this time ;-)

> I'll go fix that and do a partuza-1.0.1 release :)

Is there a simple minded fix I can apply (like fixing the prototype &
ignore the implications) ? Or is it a deeper problem ?

> Thanks for the report & great feedback!
>

Thanks for the great support.

Cheers



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpSUi4ACgkQ8dLMyEl6F22tswCgmBDyMEsOU62KfOyX+ijqJVkY
vKwAnjhT4+/CS4ILphbB5Ke8QxBoodLn
=DLfU
-----END PGP SIGNATURE-----


Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Chris Chabot <ch...@google.com>.
Ouwcha, yeah that would be my mistake. There were some incompatibilities in
the social API between shindig 1.0 and partuza trunk, so I took the last
working revision and called that partuza-1.0. And while that did cover for
the social api changes, I forgot to check the OAuth interface it seems!

I'll go fix that and do a partuza-1.0.1 release :)

Thanks for the report & great feedback!

   -- Chris

On Sun, Jul 5, 2009 at 6:32 PM, Loic Dachary <lo...@dachary.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chris Chabot wrote:
> > Hey Loic,
> >
> > Using the 2 legged variant is quite simple, just change the $auth
> > bit from:
> >
> > $auth =
> > osapiOAuth3Legged::performOAuthLogin('ddf4f9f7-f8e7-c7d9-afe4-c6e6c8e6eec4',
> > '6f0e1a11ac45caed32d699f9e92ae959', $storage, $provider, $localUserId);
> > to:
> > new osapiOAuth2Legged("OAuth Key", "OAuth Secret",
> > 'The User ID for which you want to do something');
> >
> > Where the oauth key & token are the ones from the edit applications
> > overview, and the user id on whose behalf you want to perform your
> > actions.
> >
> > After that you can use the $osapis->appdata-> get / create / update
> > / delete functions as you would expect to be able to use them :)
> >
> > Do note that most containers have the restriction that someone
> > needs to have the app installed (identified by the oauth
> > key/secret) to be able to retrieve and/or modify their data.
>
> This works beautifully on http://partuza.nl/. However, it fails
> miserably on http://partuza.opensocial.dachary.org/ with the following
> error.
>
> ( ! ) osapiException: Error decoding response body:
> ( ! ) Fatal error: Declaration of
> PartuzaOAuthLookupService::getSecurityToken() must be compatible with
> that of OAuthLookupService::getSecurityToken() in
> /usr/src/partuza/Shindig/PartuzaOAuthLookupService.php on line 25
> Call Stack
> #    Time    Memory    Function    Location
> 1    0.0005    96896    {main}( )    ../index.php:0
> 2    0.0141    1457464    JsonRpcServlet->doPost( )    ../index.php:118
> 3    0.0141    1457464    ApiServlet->getSecurityToken( )    ../JsonRpcServlet.php:45
> 4    0.0142    1459368    __autoload( )    ../index.php:0
> 5    0.0146    1491024    require( '/usr/src/partuza/Shindig/PartuzaOAuthLookupService.php' )    ../index.php:74
> in /var/www/opensocial-php-client/osapi/io/osapiRpcIO.php on line 56
> Call Stack
> #    Time    Memory    Function    Location
> 1    0.0084    66840    {main}( )    ../listFriends.php:0
> 2    0.2793    1562380    osapiBatch->execute( )    ../listFriends.php:59
> 3    0.2879    1562380    osapiRpcIO::sendBatch( )    ../osapiBatch.php:60
>
> I've looked into
> shindig-1.0-incubating-php/src/common/OAuthLookupService.php and it shows:
>
> abstract public function getSecurityToken($oauthRequest, $appUrl,
> $userId);
>
> while partuza/Shindig/PartuzaOAuthLookupService.php shows:
>
> public function getSecurityToken($oauthRequest, $appUrl, $userId,
> $contentType) {
>
> It looks like a discrepancy between shindig and partuza. I double
> checked that the installed versions are
>
> https://repository.apache.org/content/groups/public/org/apache/shindig/shindig/1.0-incubating/shindig-1.0-incubating-php.tar.gz
> and
> http://partuza.googlecode.com/files/partuza-1.0.0.tar.gz
>
> Any idea ?
>
> Cheers
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpQ1ZsACgkQ8dLMyEl6F20CigCgj74+HfTbg5jLlvRraJV3VYUQ
> ikQAoKNJadLG+yOpaa8teXsFuiNHa8+G
> =Cjxl
> -----END PGP SIGNATURE-----
>
>

Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Loic Dachary <lo...@dachary.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Chabot wrote:
> Hey Loic,
>
> Using the 2 legged variant is quite simple, just change the $auth
> bit from:
>
> $auth =
> osapiOAuth3Legged::performOAuthLogin('ddf4f9f7-f8e7-c7d9-afe4-c6e6c8e6eec4',
> '6f0e1a11ac45caed32d699f9e92ae959', $storage, $provider, $localUserId);
> to:
> new osapiOAuth2Legged("OAuth Key", "OAuth Secret",
> 'The User ID for which you want to do something');
>
> Where the oauth key & token are the ones from the edit applications
> overview, and the user id on whose behalf you want to perform your
> actions.
>
> After that you can use the $osapis->appdata-> get / create / update
> / delete functions as you would expect to be able to use them :)
>
> Do note that most containers have the restriction that someone
> needs to have the app installed (identified by the oauth
> key/secret) to be able to retrieve and/or modify their data.

This works beautifully on http://partuza.nl/. However, it fails
miserably on http://partuza.opensocial.dachary.org/ with the following
error.

( ! ) osapiException: Error decoding response body:
( ! ) Fatal error: Declaration of
PartuzaOAuthLookupService::getSecurityToken() must be compatible with
that of OAuthLookupService::getSecurityToken() in
/usr/src/partuza/Shindig/PartuzaOAuthLookupService.php on line 25
Call Stack
#    Time    Memory    Function    Location
1    0.0005    96896    {main}( )    ../index.php:0
2    0.0141    1457464    JsonRpcServlet->doPost( )    ../index.php:118
3    0.0141    1457464    ApiServlet->getSecurityToken( )    ../JsonRpcServlet.php:45
4    0.0142    1459368    __autoload( )    ../index.php:0
5    0.0146    1491024    require( '/usr/src/partuza/Shindig/PartuzaOAuthLookupService.php' )    ../index.php:74
in /var/www/opensocial-php-client/osapi/io/osapiRpcIO.php on line 56
Call Stack
#    Time    Memory    Function    Location
1    0.0084    66840    {main}( )    ../listFriends.php:0
2    0.2793    1562380    osapiBatch->execute( )    ../listFriends.php:59
3    0.2879    1562380    osapiRpcIO::sendBatch( )    ../osapiBatch.php:60

I've looked into
shindig-1.0-incubating-php/src/common/OAuthLookupService.php and it shows:

abstract public function getSecurityToken($oauthRequest, $appUrl,
$userId);

while partuza/Shindig/PartuzaOAuthLookupService.php shows:

public function getSecurityToken($oauthRequest, $appUrl, $userId,
$contentType) {

It looks like a discrepancy between shindig and partuza. I double
checked that the installed versions are
https://repository.apache.org/content/groups/public/org/apache/shindig/shindig/1.0-incubating/shindig-1.0-incubating-php.tar.gz
and
http://partuza.googlecode.com/files/partuza-1.0.0.tar.gz

Any idea ?

Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpQ1ZsACgkQ8dLMyEl6F20CigCgj74+HfTbg5jLlvRraJV3VYUQ
ikQAoKNJadLG+yOpaa8teXsFuiNHa8+G
=Cjxl
-----END PGP SIGNATURE-----


Re: opensocial-php-client/examples/appData.php : two legged variation ?

Posted by Chris Chabot <ch...@google.com>.
Hey Loic,

Using the 2 legged variant is quite simple, just change the $auth bit from:

$auth =
osapiOAuth3Legged::performOAuthLogin('ddf4f9f7-f8e7-c7d9-afe4-c6e6c8e6eec4',
'6f0e1a11ac45caed32d699f9e92ae959', $storage, $provider, $localUserId);

to:

new osapiOAuth2Legged("OAuth Key", "OAuth Secret",
'The User ID for which you want to do something');

Where the oauth key & token are the ones from the edit applications
overview, and the user id on whose behalf you want to perform your actions.

After that you can use the $osapis->appdata-> get / create / update / delete
functions as you would expect to be able to use them :)

Do note that most containers have the restriction that someone needs to have
the app installed (identified by the oauth key/secret) to be able to
retrieve and/or modify their data.

    -- Chris

On Fri, Jul 3, 2009 at 9:39 AM, Loic Dachary <lo...@dachary.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I've been able to play with
>
> http://pokersource.info/opensocial-php-client/examples/appData.php?test=partuza
> and modify the application data of all the installed applications of my
> account at http://partuza.nl/ :-)
>
> Unless I'm mistaken, this example uses a three legged OAuth dialog (
> i.e. I'm redirected to partuza.nl and required to login before it
> works and the appData.php code has access to the app data of all the
> installed applications, not just a designated application ).
>
> I would be most interested in a two legged variation where I would set
> the consumer key and secret ( as found in the page describing the
> installed application on my partuza.nl account ). I could try to guess
> a sensible set of api calls that would accomplish this. But I'm
> currently in a great state of confusion regarding the OAuth
> implementation/logic and a working example would bring some stability
> in my world ;-)
>
> Thanks in advance
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpNtakACgkQ8dLMyEl6F22+WwCeOkrVRVMUjXPLcP4+FZ+iSHCg
> dGMAoKMvFwsujkIdzBMlsUToWK2wAbjl
> =8KST
> -----END PGP SIGNATURE-----
>
>