Dustin:

 I think everyone is still trying to figure this out. Hard to move foward without it.

 *EDIT*

 This will get you the current user id, works perfect: http://developer.myspace.com/Community/forums/t/538.aspx

The problem isn't getting the user_id, it is verifying the user_id. I want to make sure that it isn't being spoofed. Right now it is theoretically a problem and I am not sure at the moment if it is an actual security hole that can be exploited. Anyone have a way to use the signature + owner id that is passed in to verify. Thanks!

The owner_id and viewer_id that are coming across to you are verified; that is, if you verify the signature as authentic, you've verified that the ids are as well. They were part of the basestring used to create the signature, and weren't added until the moment the Myspace relay-proxy makes the basestring and signature. In other words, there is no place to spoof them. If you try to spoof between the browser and the proxy, the proxy will ignore it (it uses your session token, something you can't fake, to pull up viewer and owner), and if you try to spoof between the proxy and the external server, you'll break OAuth athentication.

I could be missing your point, though.

 

Thanks Jeremy. That is what I figured.

 http://developer.myspace.com/Community/forums/t/1145.aspx

is what i came up with to authenticate the user in the iframe....

hi Mallamace,

Thanks for STEP-By-STEP guide to develop MySpace application at the very first.

I did Exactly what has been  mentioned there,I replaced $secret value 'xxxxxx'  with my application secret.What I did is I hosted my files on my local server and set the application URI to http://localhost/application_name.I did replace application $key with the applicaion uri (i.e. http://localhost/application_name) and then when I run the aboove URL on my  server it shows the following error :

 Fatal error: Call to undefined function hash_hmac() in C:\Program Files\xampp\htdocs\nick\OAuth.php on line 76

I don't know where I made mistake.

I'm a it confused what to put $key=, when I go to my applications and see the application, the URI is shown as I set ,  http://localhost/application_name,

 Can you (or anyonw help me with this?) ,I'll be really grateful to.Moreover, I want to know after successful run of application how can I show the application on MySpace ?

waiting for kind reply,

Deepak 

 

 

"Fatal error: Call to undefined function hash_hmac() in C:\Program Files\xampp\htdocs\nick\OAuth.php on line 76" you probaly are running the wrong version of php, the function appears to only be available to php 5 http://us3.php.net/manual/en/function.hash-hmac.php you should be able to switch versions, in the xampp control panel

 hash_hmac() is a PHP 5 function you will only find in PHP 5 (see, hash_hmc() ) 

 I've also updated Step 11 and 12... for anyone having issues with the tutorial. You must point to an external iFrame,

 As a side note regarding the difference between using HTML/Javascript and External iFrame. Everything you do in MySpace is in an iFrame. For anyone familiar with developing for Facebook, it's like developing using an iFrame in Facebook.

Formerly it was authenticating successfully but after a while it just showed the following :

<[iframe] id="frame" width="800" height="500" frameborder="0">

I'm surprised to see this although I've not made any changes on the source code or any code in any file. Can anyone tell me what the exact issue with this is ? Also, it was unable to authenticate with Iframe in Internet explorer(It used to work fine on Firefox) , Now both have common :

<[iframe] id="frame" width="800" height="500" frameborder="0">

Is this due to instability of MDP ? Any suggestion or help will be appreciated.

thx

Deepak,

 Assuming you're still following my tutorial, there is no mention of the word "iframe" in any of the documents I provided so this would mean there is an error on MySpace side, that would make sense because MySpace uses iFrames to display the code in the example I gave you. Can you be more specific or give a screen shot of the error? 

Nathan 

Can I just check something with the other devs using the REST access, for a script to access a user's data that user needs to have added the application on MySpace first, is that right?

 It would be good if it could be like Flickr where the user is redirected to a URL to allow access and then redirected to the app, as the app I'm thinking of developing has no interaction inside myspace.

 thankx for the client lib.

i am able post my userid to my sever's printcanvas.php and if i echo it i can see the user id in canvas. when ever i tried to see profile of the userid/viewerid (which is me) it doesnot show any thing. i just copy paste the example in the space.php and change the id,key and secret keys according to mine

in response of firebug  it just shows

"Loading... "

 

If I've userids of users (Application installed and yet-to-install) then how can I authenticate them or how can Iget their data. if ive an user ID as '"123456789" who hasn't installed the application then can I get: His/Her Profile data like dusplayname, imageuri, etc ? with the PHP Client Library ? There are two mothods : user($iUser) and profile($iUser). if I pass the $iUser parameter as the userid of the User who hasn't installed application yet then both themoethods throws error failing authentication . How Can I get through this ?

Errr... you can't. If the User hasn't added the App, you don't have permission to access their information.

The only way to get around it (short of web-scraping) is to run through your entire list of installed users, looking to see if the Id you're looking for happens to be in one of their Friend lists - if it is, you can use that user's id to pull up their friends list, then pull out the basic information. But that's a rather tedious process.

Jeremy:

Errr... you can't. If the User hasn't added the App, you don't have permission to access their information.

The only way to get around it (short of web-scraping) is to run through your entire list of installed users, looking to see if the Id you're looking for happens to be in one of their Friend lists - if it is, you can use that user's id to pull up their friends list, then pull out the basic information. But that's a rather tedious process.

 

 I hope MySpace does intend to change this in the future. While there would be some security issues it would make the process of using data as simple as the person's display name or user image a whole lot easier. Or rather than having security settings being set via the application have it set via that user's privacy settings on MySpace. Since that would still provide some basic information about that user.

Today (03-24) I get the same error. Please let me know what is wrong.
Fatal error: Uncaught exception 'Exception' with message '401 ' in /home/clicker/public_html/myspaceapps/myspace-platform/Space.php:184 Stack trace: #0 /home/clicker/public_html/myspaceapps/myspace-platform/Space.php(143): Space->_do_request('currentuser', Array) #1 /home/clicker/public_html/myspaceapps/myspace-platform/Space.php(50): Space->do_request('currentuser') #2 /home/clicker/public_html/myspaceapps/fighterjet/prepend.php(22): Space->currentUser() #3 /home/clicker/public_html/myspaceapps/fighterjet/index.php(3): include_once('/home/clicker/p...') #4 {main} thrown in /home/clicker/public_html/myspaceapps/myspace-platform/Space.php on line 184