JavaScript/HTML - Container

Re: Pass User Id to Iframe app (what worked for me)

Tony — Fri, 13 Feb 2009 20:40:24 GMT

F**ing Christmas! Outstanding - I've pulled all my hair out but now its all worth it.

Re: Pass User Id to Iframe app (what worked for me)

vDream Lijen — Tue, 09 Sep 2008 00:36:18 GMT

I got this working in ruby too, if anyone is interested send me a message

Re: Pass User Id to Iframe app (what worked for me)

vDream Lijen — Mon, 08 Sep 2008 21:18:38 GMT

Just kidding, forgot to take into account clints last comment about the blank spaces. Here's whats working for me which incorporates his changes:


$this_url = strtolower('http://xxx/phpauth.php');

$myspace_secret="xxx"; //your myspace secret key

$opensocial_viewer_id=$_GET[opensocial_viewer_id];
$oauth_signature=$_GET[oauth_signature];

// check the sigs and make sure its  the real deal
$remote_signature = $_GET['oauth_signature'];
unset($_GET['oauth_signature']);
ksort($_GET);
$url_me=urlencode($this_url);
$g_me=urlencode(http_build_query($_GET, null, '&'));
$g_me=str_replace( '%2B', '%2520', $g_me );
$base_string = "GET&$url_me&$g_me";
$secret = "$myspace_secret&";
$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));

Re: Pass User Id to Iframe app (what worked for me)

vDream Lijen — Mon, 08 Sep 2008 21:04:43 GMT

Just wanted to give whoevers still reading this thread an update on my experiences. I got the auth working with php. I followed all the suggested posts in this thread, but I noticed one thing that was off. The call to http_build_query would return a query string that used & as the arg seperator instead of & by default. In short, it was url encoding the seperators in addition to the params. You can call http_build_query with $arg_separator (the 3rd arg) to explicitly tell it to use &, and that worked for me! The signatures now match. Heres my complete code along with some helpful urls for me:

$this_url = strtolower('http://xxx/phpauth.php');

$myspace_secret="xxx"; //your myspace secret key

$opensocial_viewer_id=$_GET[opensocial_viewer_id];
$oauth_signature=$_GET[oauth_signature];

// check the sigs and make sure its  the real deal
$remote_signature = $_GET['oauth_signature'];
unset($_GET['oauth_signature']);
ksort($_GET);
$url_me=urlencode($this_url);
$g_me = urlencode(http_build_query($_GET, null, '&'));
$base_string = "GET&$url_me&$g_me";
$secret = "$myspace_secret&";
$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));

http://meyerweb.com/eric/tools/dencoder/

http://us2.php.net/http_build_query

Hope that helps someone out there. Now alls left to do is to get this thing working in ruby...

Re: Pass User Id to Iframe app (what worked for me)

vDream Lijen — Wed, 03 Sep 2008 09:30:22 GMT

Im trying to reproduce the invite app found here (http://profile.myspace.com/Modules/Applications/Pages/Canvas.aspx?appId=112908) within this iframe, but am getting some errors. Have you guys successfully been able to use opensocial within your frames? From what I understand there are 2 nested frames here. One default provided by MySpace, and the other one specifically inserted in the following code added to the top of the canvas surface:

The inner frame doesn't have the required opensocial js libraries included. When I try to manaully include them I get a lot of errors...

Re: Pass User Id to Iframe app (what worked for me)

Clint — Wed, 25 Jun 2008 03:32:11 GMT

I figured out what my problem was. If you use the external iFrame instead of the canvas with the makeRequest you get some additional parameters in the initial request. The problem is that the opensocial_token MAY contain spaces. After all of the processing mySpace is encoding these spaces as %2520 (ascii for space %20 encoded again). However in the above code the space is getting encoded as %2B (turned into a + then encoded).

Replace the %2B with %2520 and you are golden. phew.

Here is my final code.

Good luck!

Clint

            $remote_signature = $_GET['oauth_signature'];
            //$url = strtolower( 'http://clintokontendeuroswe.myspace.clinto.robinsonsplace.com/' );
            $url = strtolower( $_SERVER['SCRIPT_URI'] );
            unset( $_GET['oauth_signature'] );
            ksort( $_GET );
            $getString = urlencode( http_build_query( $_GET ) );
            $getString = str_replace( '%2B', '%2520', $getString );
            $base_string = 'GET&'.
                       urlencode( $url ) . '&'.
                       //urlencode( http_build_query( $_GET ) );
                       $getString;

$secret = '5f1ce2b5c4464bec9afe8e6c4de08c2d' . '&';

$local_signature = base64_encode( hash_hmac( "sha1", $base_string, $secret, TRUE ) );

if ( $remote_signature == $local_signature ) {

Re: Pass User Id to Iframe app (what worked for me)

Clint — Tue, 24 Jun 2008 18:22:28 GMT

I am getting very inconsistent results with the authentication.

It works 'sometimes' from IE and never from Firefox (well not yet it is random). I am using the modified code below. I am always hitting the same page from an external iFrame. I am dumping all the variables and cannot understand why the signatures matche sometimes and not others. The only changes in the $base_string seem to be the expected changes in oauth_nonce, oauth_timestamp, and opensocial_token.

Any ideas as to what stupid thing I am missing here?

Thanks in advance,

Clint

        $remote_signature = $_GET['oauth_signature'];
        $url = strtolower( $_SERVER['SCRIPT_URI'] ); //for debugging. I have tried hard coded page value also
        unset( $_GET['oauth_signature'] );
        ksort( $_GET );
        $param_string = '';
        $first = 0;
        foreach ($_GET as $key => $value) {
            if ($first == 1) {
                $param_string .= '&'.$key.'='.urlencode($value);
            }
            else {
                $param_string .= $key.'='.urlencode($value);
            }
            $first = 1;
        }

        $base_string = 'GET&'.
                       urlencode( $url ) . '&'.
                       //urlencode( http_build_query( $_GET ) );
                       urlencode( $param_string );
        $secret = $app->getSecret() . '&';

$local_signature = base64_encode( hash_hmac( "sha1", $base_string, $secret, TRUE ) );

        if ( $remote_signature == $local_signature) {
            echo 'success ';
            print "url = $url secret = $secret remote = $remote_signature local = $local_signature base_string = $base_string\n";
        }
        else {
            echo 'not validated! ';
            print "url = $url secret = $secret remote = $remote_signature local = $local_signature base_string = $base_string\n";
        }

Re: Pass User Id to Iframe app (what worked for me)

crushspot.com — Thu, 17 Apr 2008 01:41:45 GMT

I have noticed situations in which MySpace's URL encoding produces different results from PHP's urlencode function. For example: the ~ is not consistently encoded between the two -- effectively making my code useless for people trying to use /~userdir directories.

There are probably other differences that are causing problems for some, sadly I don't have time to help anyone individually.

Re: Pass User Id to Iframe app (what worked for me)

Minh — Mon, 14 Apr 2008 20:57:11 GMT

I just wanted to share my experience with getting authentication to work.

I used the code provided by crushspot but it didn't work. The remote signature was not matching with the local signature.

Looking at the base_string and comparing it with the one I tested on the myspace oauth tool, I realized that the '&' which is %26 was seen as 26%amp%3B on my side. I also notice that the key values get double urlencoded, probably a mistake on myspace side. Well in summary, seems like the code provided on the forum doesn't work for everyone. I think the problem might be related to the urlencode part.

Here's the solution that works for me. This works with canvas that uses IFRAME, which sends all the oauth info automatically when a user visits the canvas page.

$remote_signature = $_GET['oauth_signature'];
$url = strtolower('http://www.yoursite.com/authentication.php');
unset($_GET['oauth_signature']);

ksort($_GET);

$param_string = '';
$first = 0;
foreach ($_GET as $key => $value) {
    if ($first == 1) {
        $param_string .= '&'.$key.'='.urlencode($value);
    }
    else {
        $param_string .= $key.'='.urlencode($value);
    }
    $first = 1;
}

$base_string = 'GET&'.urlencode($url).'&'.urlencode($param_string);
$secret = $yoursecretkey.'&';

$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, true));

if ($remote_signature == $local_signature)
echo 'success';

Re: Pass User Id to Iframe app (what worked for me)

Thomas Mango — Sun, 13 Apr 2008 22:34:13 GMT

I found my mistake. Everything is authenticating nicely using the external iframe url.

Re: Pass User Id to Iframe app (what worked for me)

Thomas Mango — Sun, 13 Apr 2008 01:27:06 GMT

So it isn't possible to just use the external url anymore and still authenticate it?

When you set the iframe to an external url, myspace attaches parameters to the query string. On my side, I was planning on using crushspot's code to handle the request (using the external iframe url), create the signature on my side and compare it to oauth_signature passed in the query string. Unfortunately, I'm not having any luck making my local signature match the oauth_signature.

Additionally, with the approach of adding an iframe and making the request manually with javascript instead of just setting the external iframe url, you can't point to your loopback (127.0.0.1) for testing, which is really annoying.

Anyway, I'd rather just point the external iframe url to my test application that's running locally and still authenticate the request.

Any help would be greatly appreciated. Thanks, in advance

Re: Pass User Id to Iframe app (what worked for me)

Jeremy — Sat, 12 Apr 2008 21:02:34 GMT

Right off, PHP 'echo' statements don't seem to come back to the makeRequest return; I replaced them with 'print' instead, and tried it out; it verified the signed makeRequest. I should note that during this test, I just dumped the 'targetURL.text' field into the inner HTML of a div, but it come back authenticated.

Re: Pass User Id to Iframe app (what worked for me)

Thomas Mango — Sat, 12 Apr 2008 20:12:33 GMT

Have you been able to get this code to work? I'm not having any luck either. Perhaps things have changed? Can anyone who has previously used this code chime in. Thanks, in advance

Re: Pass User Id to Iframe app (what worked for me)

Behind Blue Eyes — Thu, 10 Apr 2008 22:07:24 GMT

I'm still working on this. Does my base string look right that I'm hashing?

GET&

http%3A%2F%2Fxxxxxxxx.xxxxxx.xx%2Fxxxxxxxxxxxxx%2Fauthenticate.php

&oauth_consumer_key%3Dhttp%253A%252F%252F

www.myspace.com%252F366757491%26amp%3B

oauth_nonce%3D633434618289426114%26amp%3B

oauth_signature_method%3DHMAC-SHA1%26amp%3B

oauth_timestamp%3D1207865028%26amp%3B

oauth_token%3D%26amp%3Boauth_version%3D1.0%26amp%3B

opensocial_owner_id%3D55331270%26amp%3Bopensocial_viewer_id%3D55331270

where the x's represent the exact URL entered in the code I posted above...

edit: imagine those all as one line. they go off the page otherwise

Re: Pass User Id to Iframe app (what worked for me)

Behind Blue Eyes — Tue, 08 Apr 2008 13:10:30 GMT

Hmm still can't get it to work haha. I can't find anything wrong either...

<?php
   $remote_signature = $_GET['oauth_signature'];
   $url = strtolower('http://xxxxxxxx.xxxxxx.xx/xxxxxxxxxxxxx/authenticate.php');
   unset($_GET['oauth_signature']);
   ksort($_GET);
   $base_string = 'GET&'.
                   urlencode($url).'&'.
                   urlencode(http_build_query($_GET));
   $secret = '80............................................d&';

   $local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));

   if ($remote_signature == $local_signature)
   {
       session_start();
       $_SESSION['authenticated']=true;
       echo 'http://xxxxxxxx.xxxxxx.xx/xxxxxxxxxxxxx/index.php';
   }
   else
   {
       echo 'http://xxxxxxxx.xxxxxx.xx/xxxxxxxxxxxxx/index.php';
   }
?>

I have checked and double checked for any typos or errors and can't find anything wrong. Any ideas?