Hello.

I'm developing my first app. I'm using an iframe that points to my php page on my server. I'm able to get the user id pics friends etc. but what I want to do currently is Authenticate the request. Make sure that the request came from myspace and that the signature is valid. simple? it should be but i've been stuck for this two weeks now. This is the latest code i've tried. I've tried everything and all of them generate a different signature than the one i'm getting in the query string:

 

<?php

 require_once("myspace/MySpaceAPI.php");
 require_once("myspace/Config.php");
    if($_GET[opensocial_viewer_id])
    {     
        $remote_signature = $_GET['oauth_signature'];
        foreach( $_GET as $key => $val )
        if( !isset( $_POST[ $key ] ) )
                    $_POST[ $key ] = $val;

        $local_signature = OAuthRequest::from_request()->build_signature(
                            new OAuthSignatureMethod_HMAC_SHA1(),
                            new OAuthConsumer(  "http://www.myspace.com/441547776", "muyappsecretwhiclookslikethisc825dddaa5730378d"),
                            new OAuthToken(null,null)
                   );      
                 
       
        if ($remote_signature == $local_signature)   //check local generated signature and remote signature passed by myspace
        {
            echo "ok";
        }
 print "<pre>\n";

 print "\nContents of \$_GET:\n";
 foreach ($_GET as $k => $v) {
   print "   $k = $v\n";
 }
 if ($remote_signature == $local_signature) {
  print "USER IS VALID\n";
  print("Remote Sig: ".$remote_signature."\n");
  print("Local Sig: ".$local_signature."\n");
 } else {
  print "USER IS NOT VALID\n";
  print("Remote Sig: ".$remote_signature."\n");
  print("Local Sig: ".$local_signature."\n");
 }print "</pre>\n";
    }

 

?>

 

The output looks like this:

Contents of $_GET:
   appid = 124029
   country = US
   installState = 1
   lang = en
   oauth_consumer_key = http://www.myspace.com/441547776
   oauth_nonce = 633678043106220514
   oauth_signature = bVgZPHWWd3QASKbE47eUuyBZDw8=
   oauth_signature_method = HMAC-SHA1
   oauth_timestamp = 1232207510
   oauth_version = 1.0
   opensocial_owner_id = 35186839
   opensocial_surface = canvas
   opensocial_token = dqS2SVsa5OANo6Bk7F/cQ5KaJ/xGVlv5grKWZWbFPGLNBsH64peUW0JznJAYJwh2Jv0COu5q08nXP6i/ARGiHnX a K2z6rrOPvyKwJBXAQ=
   opensocial_viewer_id = 35186839
   ownerId = 35186839
   perm = [\"DP\",\"DH\",\"UT\",\"UF\",\"PB\",\"\"]
   ptoString = COMMENTS,BLOG,BULLETINS,PROFILE,SEND_MESSAGE,SHARE_APP,ACTIVITY
   viewerId = 35186839
USER IS NOT VALID
Remote Sig: bVgZPHWWd3QASKbE47eUuyBZDw8=
Local Sig: dwZB/bBeVHSxR+hzZ5AyWzWlePk=

 I bet that someone already solved this, but I haven't been able to find working code, your help is grealtly appreciated.

 This is bugging the living daylights out of me as well; did you ever find an answer to this?

I haven't solved it yet I'm working with Rhonda in order to find a solution. The weird thing is that we are able to get a valid signature when we request info for myspace so the oauth library is good but when it's the other way around the sig fails.

 

Let me send this thread over to Jorge to see if he can help you :)

 

Rhonda

 

Rhonda, We're you able to pass this to Jorge? I haven't figured this out yet and it's killing me!. I have a question in your iframe app demo, are you guys validating that the request is coming from myspace using hte Signature? Thanks a lot for your help.

The post on a previous thread helped me out much:

http://developer.myspace.com/Community/forums/p/804/3477.aspx#3477

 

Using that one line of code I get a matching signature.