signed makeRequest issues

[JohnE]

Hi,

The opensocial_ownerid key passed by makeRequest signed request is
wrong (with 12 digits but it must have 20 digits) and
opensocial_viewerid is not passed by makeRequest call.

Everything worked fine until yesterday, 02/27, morning. I already try
removing and reinstalling the application but not worked.

I posted a bug report in http://code.google.com/p/opensocial-resources/issues/detail?id=94

Thanks

[Alex Epshteyn]

For me makeRequest with the following parameters
{"METHOD":"GET","AUTHORIZATION":"SIGNED"}

Sends a request to my server, but doesn't include any authentication
parameters with the request. It used to work fine a couple of days
ago.

What's going on?

Would appreciate some help,
Alex

On Feb 28, 4:28 am, JohnE <johne...@gmail.com> wrote:
> Hi,
>

> The opensocial_ownerid key passed bymakeRequestsigned request is

[Parag Dhanuka]

I had some old code which I again checked yesterday and saw the same problem as it turned out I saw this line had changed for signed request

params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;

It may be that you also have the same problem.... Now it has been working for me.. :)

Parag

--
Parag Dhanuka

[Alex Epshteyn]

Thanks Parag, but I'm already doing that. Here's my code:

params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.SIGNED;
gadgets.io.makeRequest(url, callback, params);

Alex

[Alex Epshteyn]

This is a total show stopper for my app. Need fix ASAP.

Thanks,
Alex

On Mar 2, 12:46 pm, "Alex Epshteyn" <alexander.epsht...@gmail.com>
wrote:

> Thanks Parag, but I'm already doing that. Here's my code:
>
> params[gadgets.io.RequestParameters.AUTHORIZATION] =
> gadgets.io.AuthorizationType.SIGNED;
> gadgets.io.makeRequest(url, callback, params);
>
> Alex
>

> On 3/2/08, Parag Dhanuka <parag.dhan...@gmail.com> wrote:
>
> > I had some old code which I again checked yesterday and saw the same problem
> > as it turned out I saw this line had changed for signed request
> > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.SIGNED;
>
> > It may be that you also have the same problem.... Now it has been working
> > for me.. :)
>
> > Parag
>

> > On Sat, Mar 1, 2008 at 5:07 PM, Alex Epshteyn <alexander.epsht...@gmail.com>

[ibrahim okuyucu]

Alex,
How does your server side code look like?
POST and GET both works for me.

--
Ibrahim Okuyucu
www.rockyou.com
AIM: wer0cky0u

[Alex Epshteyn]

If you're familiar with the Java Servlet API -
request.getParameterMap() returns an empty map for me. Normally this
map contains the all the GET and POST parameters.

Alex

[ibrahim okuyucu]

not familiar with that but note that;
- Even if you do a POST, OAuth parameters are still passed as URL query string. So look for GET params for the OAuth stuff and POST params for your app's params.
- POST params arent used in the generated signature.

[ejpark]

I though POST params 'should' be used as part of the base signature:
According to 9.1.1 of the oauth, spec:

9.1.1. Normalize Request Parameters
The request parameters are collected, sorted and concatenated into a
normalized string:
* Parameters in the OAuth HTTP Authorization header (Authorization
Header) excluding the realm parameter.
* Parameters in the HTTP POST request body (with a content-type of
application/x-www-form-urlencoded).
* HTTP GET parameters added to the URLs in the query part (as
defined by [RFC3986] (Berners-Lee, T., "Uniform Resource Identifiers
(URI): Generic Syntax," .) section 3).

Eugene Park
Flixster, Inc.
www.flixster.com

On Mar 3, 2:45 pm, "ibrahim okuyucu" <ibra...@rockyou.com> wrote:
> not familiar with that but note that;
> - Even if you do a POST, OAuth parameters are still passed as URL query
> string. So look for GET params for the OAuth stuff and POST params for your
> app's params.
> - POST params arent used in the generated signature.
>

> On 3/3/08, Alex Epshteyn <alexander.epsht...@gmail.com> wrote:
>
>
>
>
>
> > If you're familiar with the Java Servlet API -
> > request.getParameterMap() returns an empty map for me. Normally this
> > map contains the all the GET and POST parameters.
>
> > Alex
>

> > On 3/3/08, ibrahim okuyucu <ibra...@rockyou.com> wrote:
> > > Alex,
> > > How does your server side code look like?
> > > POST and GET both works for me.
>

[Arne Roomann-Kurrik]

Hey Alex,

   I can't reproduce this problem.  Signed requests are being passed to my servers - can you do a dump of the raw request to see what is being passed in?

~Arne

[ibrahim okuyucu]

Arne,
I agree with Eugene, when I read the spec. I was expecting POST params to be included in the signature as well but currently they're not.
Is this going to change?
thnx in advance.

-ibrahim

[Arne Roomann-Kurrik]

Hi Ibrahim,

  I've entered this as a bug in the public tracker.  Please star http://code.google.com/p/opensocial-resources/issues/detail?id=103 to get notifications about this issue.