OrkutValidatingSignedRequests
Validating Signed Requests in Orkut
This article has moved. Please view http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests for the updated version of this article.
Shouldn't the viewer ID also be authenticated?
Why shouldn't the certificate be at a well known place? It can be validated because it is signed by a trusted CA, or it can be behind an HTTPS URL.
Viewer will be sent if the app has permission to access the viewer object (i.e. viewer has the app installed).
The cert may eventually be moved to a https url. When the plan for releasing certs is finalized, then we will post updated information.
This page says we shouldn't inline the Orkut public key but use a key cache instead. I couldn't find a PHP key cache or something similar, so I rolled my own Poor Man's PHP Key Cache. I hope this might be helpful to someone.
I think this page should explain what it tries to solve.
I can see what it does, but I'd like to know why it needs doing.
What use can one have of it..?
What is the use case..?
Cheers
For a Ruby on Rails application you can use the following steps to validate an orkut signed request:
1. Install the oauth gem.
2. The oauth gem has a bug which needs to be patched by http://oauth-ruby.googlegroups.com/web/fixes_for_rsa_and_action_controller_request_proxy.patch. This patch is not available in the latest release, so I have used the following steps to fix it:
3. Once this is done, use the following code to verify the signature:
    require 'oauth/consumer'
    require 'patch_action_controller_request'
    require 'patch_sha1'
    require 'openssl'

    # This method should be in the controller, as it uses the request method.
    def verify
      # I have saved the orkut cert in the public/cert folder.
      # Change it based on your install.
      cert_file = "#{RAILS_ROOT}/public/cert/cert.pem"
      cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
      public_key = OpenSSL::PKey::RSA.new(cert.public_key)
      req = OAuth::RequestProxy::ActionControllerRequest.new(request)
      cus = OAuth::Consumer.new('orkut.com', public_key)
      sign = OAuth::Signature::RSA::SHA1.new(req, {:consumer => cus})
      sign.verify
    end
Comment by jigarbjpatel, Jul 17, 2008 Is there any asp.net sample code available?
Comment by florian....@gmx.de, Jul 22, 2008 hi nitin, is there any further information on using your rails example?
it doesn't work for my app. sign.verify always returns false.
greetings, florian.
Comment by johnsons, Aug 04, 2008 Also looking for ASP.Net 2.0 samples. :)
Comment by ramandhingra, Aug 07, 2008 hi people. any ideas about c#.Net?
Comment by sai.m.tun, Sep 18, 2008 Was anyone able to get the java example to work without getting the OAuthProblemException-->signature_invalid?
Comment by htafolla, Sep 23, 2008 does anyone have an example for validating igoogle requests with python?
Comment by alice.testington, Sep 23, 2008 htafolla:
I believe iGoogle and orkut share the same public key. In that case, you can use the Python code here to validate the request:
http://code.google.com/apis/opensocial/articles/appengine-0.8.html#signing
You'll need a couple of additional libraries which are linked to in the text.
Comment by brunoaalves, Nov 14, 2008 Hi Nitin and Florian, did you make it work with the oauth gem? I'm trying with the patch but sign.verify always returns false, as Florian said.
Comment by ccte...@ciandt.com, Dec 16, 2008 It doesn't work on JAVA! I always get an OAuthProblemException-->signature_invalid...
Is there any error on the example? Am I doing something wrong? Or is there any problem on the component?
Please, help...
Comment by JasonACooper, Dec 22, 2008 I had to debug a similar issue. It turns out that the HttpServletRequest method which returns the request URL was not including the port number. As a result, the routine was signing the wrong URL and comparing this signature to the one included in the request.
I updated the snippet at http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests with my workaround -- building the request URL "by hand."
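The port mismatch described in the comment above, and the RSA-SHA1 check that the Rails snippet earlier on the page delegates to the oauth gem, shown as an added Ruby example (not code from any commenter, the wiki article or the oauth gem). The function names, the host app.example.com, the parameter values and the throwaway key pair standing in for the container's certificate are all assumptions constructed for the illustration.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Percent-encode everything except RFC 3986 unreserved characters (uppercase hex).
def oauth_escape(s)
  s.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Base-string URL: lowercase scheme and host; keep the port unless it is the scheme default.
def normalized_url(url)
  u = URI.parse(url)
  default = { 'http' => 80, 'https' => 443 }[u.scheme.downcase]
  port = u.port == default ? '' : ":#{u.port}"
  "#{u.scheme.downcase}://#{u.host.downcase}#{port}#{u.path}"
end

# METHOD & URL & parameters, with oauth_signature excluded and parameters sorted.
def base_string(method, url, params)
  pairs = params.reject { |k, _| k == 'oauth_signature' }
                .map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  query = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, normalized_url(url), query].map { |part| oauth_escape(part) }.join('&')
end

# RSA-SHA1: the signature is checked against the base string rebuilt by the receiver.
def valid_signature?(public_key, method, url, params)
  sig = Base64.decode64(params['oauth_signature'].to_s)
  public_key.verify(OpenSSL::Digest.new('SHA1'), sig, base_string(method, url, params))
end

# Constructed sample: a throwaway key pair plays the container; all values are made up.
def demo
  container_key = OpenSSL::PKey::RSA.new(2048)
  params = { 'oauth_consumer_key' => 'orkut.com', 'oauth_signature_method' => 'RSA-SHA1',
             'oauth_timestamp' => '1229904000', 'oauth_nonce' => 'constructed-nonce',
             'opensocial_owner_id' => '0123456789' }
  signed_url = 'http://app.example.com:8080/verify'
  sig = container_key.sign(OpenSSL::Digest.new('SHA1'), base_string('GET', signed_url, params))
  params['oauth_signature'] = Base64.strict_encode64(sig)
  pub = container_key.public_key
  { with_port: valid_signature?(pub, 'GET', signed_url, params),
    port_dropped: valid_signature?(pub, 'GET', 'http://app.example.com/verify', params) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

When a signature that should be valid is rejected, comparing the receiver's base string with the URL the container actually requested (scheme, host, port, path) is the first check to make.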
Comment by wwwvarunbansal, Jan 27, 2009 Anyone can help me with oauth server side code in php
Comment by apija...@google.com, Jan 28, 2009 Post your questions in the OpenSocial API discussion group: http://groups.google.com/group/opensocial-api/topics
Comment by shivangidhaker, Aug 14, 2009 join who is online and find friend
Comment by shivangidhaker, Aug 14, 2009 who is online join community and find friend
Comment by vinicius...@hotmail.com, Feb 16, 2010 b.v
Comment by heberthenrique6, Today (moments ago)
    require 'oauth/consumer'
    require 'patch_action_controller_request'
    require 'patch_sha1'
    require 'openssl'

    # This method should be in the controller, as it uses the request method.
    def verify
      # I have saved the orkut cert in the public/cert folder.
      # Change it based on your install.
      cert_file = "#{RAILS_ROOT}/public/cert/cert.pem"
      cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
      public_key = OpenSSL::PKey::RSA.new(cert.public_key)
      req = OAuth::RequestProxy::ActionControllerRequest.new(request)
      cus = OAuth::Consumer.new('orkut.com', public_key)
      sign = OAuth::Signature::RSA::SHA1.new(req, {:consumer => cus})
      sign.verify
    end
sss
How do you create an application? Whoever teaches me, I will give 50 reais and half of the revenue from my application.
Bharip