xiaoxiwu / devdefined-tools

Automatically exported from code.google.com/p/devdefined-tools
0 stars 0 forks source link

Can't validate signed requests from OpenSocial applications #1

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Originally reported by a library user via email - details as follows:

Hi Alex,

Hope you don’t mind some random punter emailing you about the OAuth code
you created.. 

Thanks for the code by the way, I was trying to do something similar but
you saved me a load of time.

I just have a quick query.. I am trying to get the RSA Implementation to
work but the validation keeps failing.

I copied the way you outlined in the google groops
(http://code.google.com/p/devdefined-tools/wiki/OAuthSignatureValidation)
and this is what I ended up with..

(I must add that I am using a local certificate I got from friendster and I
don’t have a consumer secret.)

OAuthContext context = new OAuthContextBuilder().FromHttpRequest(Request);

OAuthContextSigner signer = new OAuthContextSigner();

SigningContext signingContext = new SigningContext();

X509Certificate2 x509 = new
X509Certificate2(Server.MapPath("/Certs/friendster.crt"));

signingContext.Algorithm = (RSACryptoServiceProvider)x509.PublicKey.Key; 
// if a certificate is associated with the consumer (for RSA-SHA1 etc.)

signingContext.ConsumerSecret = ""; // if there is a consumer secret

if (!signer.ValidateSignature(context, signingContext))
{
.
.
.

It seems quite straight forward but I can’t seem to get the signature to
validate correctly.. I also don’t have the private key, which means (i
think) that I can’t recreate the signature to help me test and find out
where I’m going wrong.

Anyways, any suggestions would be very much appreciated.. thanks again for
the code.

Kind regards,

Eoin

PollDaddy.com

Original issue reported on code.google.com by bitterco...@gmail.com on 21 Sep 2008 at 10:15

GoogleCodeExporter commented 8 years ago
Fixed, see example here: 

https://devdefined-tools.googlecode.com/svn/trunk/projects/oauth/OpenSocialProvi
derSite

Was caused by trailing ampersand ("&") on the request url.

Original comment by bitterco...@gmail.com on 21 Sep 2008 at 11:39

GoogleCodeExporter commented 8 years ago
Fixed.

Original comment by bitterco...@gmail.com on 6 Apr 2010 at 8:01