  1. Verifying signed requests from Gmail contextual gadget
<p>So, I'm using <code>gadgets.io.makeRequest(url, callback, params)</code> to make requests from a Gmail contextual gadget and verifying these requests on the server side.</p>
<p>To clarify, I'm using the following makeRequest params on the gadget side:</p>
<pre><code>params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.DOM;
params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
params["OAUTH_SERVICE_NAME"] = "HMAC";
params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.GET;
</code></pre>
<p>I've obtained the gadget's consumerKey and consumerSecret from <a href="https://www.google.com/gadgets/directory/verify" rel="nofollow noreferrer">https://www.google.com/gadgets/directory/verify</a>.<br/>According to Google's documentation, the request is signed by the container according to the <a href="http://oauth.net/core/1.0/#signing_process" rel="nofollow noreferrer">OAuth signing process</a>, HMAC-SHA1 method.</p>
<p>On the server side, I receive the following request:</p>
<p><a href="http://my.dev.machine.com/blapage.aspx?oauth_body_hash=2jmj7l5rSw0yVb/vlWAYkK/YBwk=&amp;opensocial_owner_id=103030060674287937707&amp;opensocial_viewer_id=103030060674287937707&amp;opensocial_app_id=103129310198020657787&amp;opensocial_app_url=http://my.dev.machine.com/gadget.xml&amp;oauth_version=1.0&amp;oauth_timestamp=1284403586&amp;oauth_nonce=6436223395511631796&amp;opensocial_container=http://mail.google.com&amp;oauth_consumer_key=419336943235&amp;oauth_signature_method=HMAC-SHA1&amp;oauth_signature=bshZj9XOXECdYiyR1J8Etnadv5c=" rel="nofollow noreferrer">http://my.dev.machine.com/blapage.aspx?oauth_body_hash=2jmj7l5rSw0yVb/vlWAYkK/YBwk=&amp;opensocial_owner_id=103030060674287937707&amp;opensocial_viewer_id=103030060674287937707&amp;opensocial_app_id=103129310198020657787&amp;opensocial_app_url=http://my.dev.machine.com/gadget.xml&amp;oauth_version=1.0&amp;oauth_timestamp=1284403586&amp;oauth_nonce=6436223395511631796&amp;opensocial_container=http://mail.google.com&amp;oauth_consumer_key=419336943235&amp;oauth_signature_method=HMAC-SHA1&amp;oauth_signature=bshZj9XOXECdYiyR1J8Etnadv5c=</a></p>
<p>Then I'm signing this request according to the same OAuth specification that Google is supposed to use, but the signatures don't match.</p>
<p>I've already tried signing the request using 2 different libs:</p>
<ol>
<li>Our home-grown .Net lib, which is used to sign requests for Gmail IMAP OAuth authorization (which uses the same signing method and it works just fine there).</li>
<li>One of the contributed opensocial libs (<a href="http://code.google.com/p/opensocial-net-client/" rel="nofollow noreferrer">http://code.google.com/p/opensocial-net-client/</a>)</li>
</ol>
<p>Both libs produce similar signature base strings. However, weirdly enough, they produce different signatures, and none of these signatures match the one sent by Google in the oauth_signature param!</p>
<p>Fellow gadget developers, I hope one of you was luckier than me and made this signature verification method work. Please tell me what I'm doing wrong here.</p>
<p>Thanks in advance,<br/>buru</p>
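An added example, not the poster's .NET code and not the opensocial library's or Google's implementation: a minimal OAuth 1.0 HMAC-SHA1 verifier in Python for a signed GET shaped like the request in the question. It assumes an empty token secret (the request carries no oauth_token); the host, consumer key and secret below are constructed.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # OAuth percent-encoding: everything except A-Z a-z 0-9 - . _ ~ is escaped.
    return quote(s, safe="-._~")

def normalized_url(url):
    # Lowercase scheme and host, drop default ports and the query string.
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port and p.port != {"http": 80, "https": 443}.get(p.scheme):
        host += ":%d" % p.port
    return "%s://%s%s" % (p.scheme, host, p.path or "/")

def signature_base_string(method, url):
    # Decode the received query once, drop oauth_signature, re-encode, then
    # sort by encoded name and value. Encoding twice, or keeping the
    # signature in the parameter list, changes the base string.
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    query = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join(pct(x) for x in (method.upper(), normalized_url(url), query))

def sign(method, url, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; the '&' stays even when the
    # token secret is empty (assumed here for the gadget's signed request).
    key = "%s&%s" % (pct(consumer_secret), pct(token_secret))
    mac = hmac.new(key.encode(), signature_base_string(method, url).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, consumer_secret):
    # Constant-time comparison of the received and recomputed signatures.
    sent = dict(parse_qsl(urlsplit(url).query)).get("oauth_signature", "")
    return hmac.compare_digest(sent.encode(), sign(method, url, consumer_secret).encode())

# Constructed sample: hypothetical host, consumer key and secret.
SECRET = "constructed-secret"
UNSIGNED = ("http://gadget.example/page.aspx?opensocial_viewer_id=123"
            "&oauth_consumer_key=ck&oauth_nonce=n1&oauth_timestamp=1284403586"
            "&oauth_signature_method=HMAC-SHA1&oauth_version=1.0")
SIGNED = UNSIGNED + "&oauth_signature=" + pct(sign("GET", UNSIGNED, SECRET))

if __name__ == "__main__":
    print(signature_base_string("GET", SIGNED))
    print("valid:", verify("GET", SIGNED, SECRET))
```

The URL passed to `verify` has to be the one the container signed, so behind a proxy or URL rewriter it must be rebuilt from the externally visible scheme, host and path. Freshness of `oauth_timestamp` and reuse of `oauth_nonce` are separate checks that this block does not perform.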