Changes in OAuth SIGNED request mechanism?
0 views
Skip to first unread message
Sanjay
May 6, 2009, 8:48:33 AM5/6/09
to Orkut Developer Forum
Hi,
Seems there is some change in signed request mechanism ->
http://blog.opensocial.org/2009/04/important-oauth-signing-changes-coming.html
One of my application validates the signed request in the server side
following the article ( http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App_with_Google_App_Engine
). It is now NOT working. I did some googling and installed new
opensocial-client library and changed the code to something like this:
def valid_sign_orkut():
oauth_request = oauth.OAuthRequest.from_request(method, url,
params)
consumer = oauth.OAuthConsumer('orkut.com', 'foo')
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
built_signature = signature_method.build_signature(oauth_request,
consumer, None)
return built_signature == tg.request.params.get('oauth_signature')
Still this does not work. Badly needing clues / references.
thanks,
Sanjay
Seems there is some change in signed request mechanism ->
http://blog.opensocial.org/2009/04/important-oauth-signing-changes-coming.html
One of my application validates the signed request in the server side
following the article ( http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App_with_Google_App_Engine
). It is now NOT working. I did some googling and installed new
opensocial-client library and changed the code to something like this:
def valid_sign_orkut():
oauth_request = oauth.OAuthRequest.from_request(method, url,
params)
consumer = oauth.OAuthConsumer('orkut.com', 'foo')
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
built_signature = signature_method.build_signature(oauth_request,
consumer, None)
return built_signature == tg.request.params.get('oauth_signature')
Still this does not work. Badly needing clues / references.
thanks,
Sanjay
Shishir
May 12, 2009, 1:55:28 AM5/12/09
to Orkut Developer Forum
Hello Sanjay,
Please take a look at the latest opensocial client library / samples.
I've tested the latest on java and it works just fine [others should
work as well].
The tutorial you've pointed out is probably stale as it's from Sep'08.
Cheers,
Shishir
> Seems there is some change in signed request mechanism ->http://blog.opensocial.org/2009/04/important-oauth-signing-changes-co...
Please take a look at the latest opensocial client library / samples.
I've tested the latest on java and it works just fine [others should
work as well].
The tutorial you've pointed out is probably stale as it's from Sep'08.
Cheers,
Shishir
> Seems there is some change in signed request mechanism ->http://blog.opensocial.org/2009/04/important-oauth-signing-changes-co...
>
> One of my application validates the signed request in the server side
> following the article (http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App...
> One of my application validates the signed request in the server side
Sanjay
May 30, 2009, 4:55:16 AM5/30/09
to Orkut Developer Forum
> Please take a look at the latest opensocial client library / samples.
> I've tested the latest on java and it works just fine [others should
> work as well].
> The tutorial you've pointed out is probably stale as it's from Sep'08.
I tried to follow the latest opensocial client library / samples.
> I've tested the latest on java and it works just fine [others should
> work as well].
> The tutorial you've pointed out is probably stale as it's from Sep'08.
Still things don't work. Have some queris -> first follows:
In JS side, I think we have to change from SIGNED to OAUTH like this
params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.OAUTH; // previously it was SIGNED
After this change, the JS hanged. Would kine to know if there is
anything wrong here.
thanks,
Sanjay
Shishir Birmiwal (Google)
Jun 5, 2009, 3:48:10 AM6/5/09
to Orkut Developer Forum
Can you share the rest of the code?
Cheers,
Shishir
On May 30, 1:55 pm, Sanjay <skpate...@gmail.com> wrote:
> > Please take a look at the latest opensocial client library / samples.
> > I've tested the latest on java and it works just fine [others should
> > work as well].
> > The tutorial you've pointed out is probably stale as it's from Sep'08.
>
> I tried to follow the latest opensocial client library / samples.
> Still things don't work. Have some queris -> first follows:
>
> In JS side, I think we have to change fromSIGNEDto OAUTH like this
Cheers,
Shishir
On May 30, 1:55 pm, Sanjay <skpate...@gmail.com> wrote:
> > Please take a look at the latest opensocial client library / samples.
> > I've tested the latest on java and it works just fine [others should
> > work as well].
> > The tutorial you've pointed out is probably stale as it's from Sep'08.
>
> I tried to follow the latest opensocial client library / samples.
> Still things don't work. Have some queris -> first follows:
>
Sanjay Patel
Jun 5, 2009, 6:02:43 AM6/5/09
to opensoci...@googlegroups.com
Hi Shishir,
Now I am able to do it using SIGNED (not OAUTH) mimicking more or less http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App_with_Google_App_Engine
Though my work is done, however, I still did not succeed with OAUTH.
This is the sample code using OAUTH which does not work:
JavaScript:
----------------
function opensocial_test(post_data)
{
function handler(obj) {
...
}
var params = {}
params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.JSON;
params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
params[gadgets.io.RequestParameters.POST_DATA] = gadgets.io.encodeValues(post_data);
params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.OAUTH;
gadgets.io.makeRequest('http://www.xxx.com/opensocial_test', handler, params);
}
Server Side Python (TurboGears 2.0, actually)
------------------------------------------------------------------
def valid_sign_orkut():
params = {}
for key, value in tg.request.params.mixed().items():
params[key] = value.encode('utf-8', 'ignore')
oauth_request = oauth.OAuthRequest.from_request(tg.request.method,
tg.request.url,
params)
consumer = oauth.OAuthConsumer('orkut.com:999999999999', 'xxxxxxxxxxxxxxxxxx')
# Actual key and secret are not given here
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
built_signature = signature_method.build_signature(oauth_request,
consumer,
None)
return built_signature == tg.request.params.get('oauth_signature')
--
thanks
Sanjay
http://www.sanjaypatel.name
Can you share the rest of the code?
Now I am able to do it using SIGNED (not OAUTH) mimicking more or less http://wiki.opensocial.org/index.php?title=Building_an_OpenSocial_App_with_Google_App_Engine
Though my work is done, however, I still did not succeed with OAUTH.
This is the sample code using OAUTH which does not work:
JavaScript:
----------------
function opensocial_test(post_data)
{
function handler(obj) {
...
}
var params = {}
params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.JSON;
params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
params[gadgets.io.RequestParameters.POST_DATA] = gadgets.io.encodeValues(post_data);
params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.OAUTH;
gadgets.io.makeRequest('http://www.xxx.com/opensocial_test', handler, params);
}
Server Side Python (TurboGears 2.0, actually)
------------------------------------------------------------------
def valid_sign_orkut():
params = {}
for key, value in tg.request.params.mixed().items():
params[key] = value.encode('utf-8', 'ignore')
oauth_request = oauth.OAuthRequest.from_request(tg.request.method,
tg.request.url,
params)
consumer = oauth.OAuthConsumer('orkut.com:999999999999', 'xxxxxxxxxxxxxxxxxx')
# Actual key and secret are not given here
signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()
built_signature = signature_method.build_signature(oauth_request,
consumer,
None)
return built_signature == tg.request.params.get('oauth_signature')
--
thanks
Sanjay
http://www.sanjaypatel.name
Reply all
Reply to author
Forward
0 new messages