">mixi Developer Center (mDC)

mixi Apps

mixi Apps (English) » Technical Specification (new method) » PC » Validating Signed Requests

Validating Signed Requests

This article describes how to validate a signed request. If you're unsure of what a signed request is or why you would want to use one, please check out the Introduction To Signed Requests page.

Obtaining encryption keys

Signed requests currently include three parameters:

  • oauth_consumer_key
  • xoauth_signature_publickey
  • oauth_signature_method

The oauth_consumer_key parameter indicates the container from which the request is being sent. The oauth_signature_method parameter indicates the method used to sign the request. For requests signed with RSA-SHA1, the xoauth_signature_publickey contains the name of the public key used to sign the request.

For HMAC-SHA1, you will need to establish a secret key between your application and the container. Each container has a different mechanism for doing so; please consult your target container's documentation for information about establishing a shared secret key.

For RSA-SHA1, you will need to obtain the certificate referenced by xoauth_signature_publickey. For convenience, there is a list of public keys for each container available at https://opensocialresources.appspot.com/certificates/ along with links to each certificate. This site is for convenience only and not approved by the containers listed! For the best security, be sure to check your containers documentation to verify the location of the appropriate public key!

Certificates should not be fetched each time you want to validate parameters - instead, implement a server side key cache indexed on the value of xoauth_signature_publickey, oauth_consumer_key, and oauth_signature_method. If these values change, you will need to pull a new certificate down and store it in your key cache.

OAuth Signing Mechanism

The parameter signing is implemented according to the OAuth parameter signing specification.
Check this page for information about generating the Signature Base String.

PHP

Server side code

The following code shows the server side code for fetchme.php. This code relies on OAuth.php (revision 526) from the open source OAuth library project.

The code implements these steps:

  • Creates an OrkutSignatureMethod class that extends OAuthSignatureMethod_RSA_SHA1
  • Creates an OAuthRequest object from the current request
  • Creates an instance of OrkutSignatureMethod
  • Checks the request using the OrkutSignatureMethod class
  • Outputs a JSON object

This example is not meant to be production quality code, merely a demonstration of the steps you would take to validate a signed request server-side. 

require_once("OAuth.php");

class MixiSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {
  protected function fetch_public_cert(&$request) {
  return << EOD
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIJANH20l9V3QyGMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV
BAYTAkpQMREwDwYDVQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDAeFw0x
MzExMDcwODQwMzhaFw0yMzExMDUwODQwMzhaMDIxCzAJBgNVBAYTAkpQMREwDwYD
VQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMjrvmoMZdlxPbW86JO1VbIguv8ddAQV/+ZtjmanLXU6
QjbGz/0wAONo19R/z4oqccNI1USmGBocuNtzFaIbsXVohaJpJm6cJMQ6dYqJbWZD
C0m8Va+8fx3xjFs/MckvymPbNCSxsycSkiwBNLM0atNiBnRRr5rLHwOlXDarOkaL
sAYPA/EctZq4Mg380dFpDC1mqzjQvXRQ9Z9z/MD75b06EwYY4L/Yb+F92S5BhagM
pSxfIJF7VTmA9de2PE67fhoQOXGg48fS2XE2uKDMuE1U/rQIYzAw3twFJNXiCZ3j
F3uo8pjAy1kWY4uh9KwQ2zXEXSYjJOVDu2eX7Q+ZJDsCAwEAAaNQME4wHQYDVR0O
BBYEFCJwA3yljcHQ917eLcEh1kIzGIE1MB8GA1UdIwQYMBaAFCJwA3yljcHQ917e
LcEh1kIzGIE1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMSUBJc8
LGLuRvhpqBfUcuHuQzzMM4Xw9x2pEcBAocu6wijvYZt1ATI6zzxC6213BT63ei4W
UzXPYUjC70BGqQu4lhFKRECl48BLJzELayS6Lh+teYmSIdXc3DNsK9L/T19deeC5
iHjkD76z6YPjsPpLyo3TkCi2Ebz+oNkCXQYCZsI0QToTuMuYyL+bsDyFmWTRlvx2
KGZe3pdbMLZW4QSHoN6h0rSpgYKi6vdKbPzLcFEko1oYUwFCHDENvqVfZdMEuauA
W58UChLDu+5bVdldYrmXkZ+u/PiSCsIVKvfCZ+JlgJR4wX+4YgICl5FbRhD/qg2l
S791sxe9mHZeByk=
-----END CERTIFICATE-----
EOD;
  }
}

//Build a request object from the current request
$request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST));

//Initialize the new signature method
$signature_method = new MixiSignatureMethod();

//Check the request signature
@$signature_valid = $signature_method->check_signature($request, null, null, $_GET["oauth_signature"]);

//Build the output object
$payload = array();
if ($signature_valid == true) {
  $payload["validated"] = "Success! The data was validated";
} else {
  $payload["validated"] = "This request was spoofed";
}

//Add extra parameters to help debugging
$payload["query"] = array_merge($_GET, $_POST);
$payload["rawpost"] = file_get_contents("php://input");

//Return the response as JSON
print(json_encode($payload));
Results

When you run the client side script against the server code, the response function will be called with one of the following objects:

If the request was validated:

{ "validated" : "Success! The data was validated",
  "query" : {  }
}

If the request was not validated:

{ "validated" : "This request was spoofed",
  "query" : {  }
}

Response prints this out in the following format:

Success! The data was validated
oauth_consumer_key: mixi.jp
oauth_nonce: c970afeb19325be3
oauth_signature: #### REALLY LONG STRING ###
oauth_signature_method: RSA-SHA1
oauth_timestamp: 1201225242
oauth_token:
opensocial_appid: ############
opensocial_ownerid: ############
xoauth_signature_publickey: pub.1199819524.-1556113204990931254.cer

Java

Server side code

The code implements these steps:

  • Create a OAuthServiceProvider
  • Create a OAuthConsumer and populate the RSA Certficate with orkut's Certificate
  • Extract the OAuthMessage from the HttpServletRequest
  • Create a OAuthAccessor using the consumer
  • Checks the OAuthMessage using this accessor

This code relies on Java OAuth from the open source Opensocial Java Client.

This example is not meant to be production quality code, merely a demonstration of the steps you would take to validate a signed request server-side.

package net.oauth.example.provider.servlets;

import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthServiceProvider;
import net.oauth.server.OAuthServlet;
import net.oauth.signature.RSA_SHA1;

import java.util.ArrayList;
import java.io.IOException;
import java.util.Map;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SignedFetchVerifyServlet extends HttpServlet {

    private final static String CERTIFICATE =
        "-----BEGIN CERTIFICATE-----\n"
        + "MIIDNzCCAh+gAwIBAgIJANH20l9V3QyGMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV\n"
        + "BAYTAkpQMREwDwYDVQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDAeFw0x\n"
        + "MzExMDcwODQwMzhaFw0yMzExMDUwODQwMzhaMDIxCzAJBgNVBAYTAkpQMREwDwYD\n"
        + "VQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDCCASIwDQYJKoZIhvcNAQEB\n"
        + "BQADggEPADCCAQoCggEBAMjrvmoMZdlxPbW86JO1VbIguv8ddAQV/+ZtjmanLXU6\n"
        + "QjbGz/0wAONo19R/z4oqccNI1USmGBocuNtzFaIbsXVohaJpJm6cJMQ6dYqJbWZD\n"
        + "C0m8Va+8fx3xjFs/MckvymPbNCSxsycSkiwBNLM0atNiBnRRr5rLHwOlXDarOkaL\n"
        + "sAYPA/EctZq4Mg380dFpDC1mqzjQvXRQ9Z9z/MD75b06EwYY4L/Yb+F92S5BhagM\n"
        + "pSxfIJF7VTmA9de2PE67fhoQOXGg48fS2XE2uKDMuE1U/rQIYzAw3twFJNXiCZ3j\n"
        + "F3uo8pjAy1kWY4uh9KwQ2zXEXSYjJOVDu2eX7Q+ZJDsCAwEAAaNQME4wHQYDVR0O\n"
        + "BBYEFCJwA3yljcHQ917eLcEh1kIzGIE1MB8GA1UdIwQYMBaAFCJwA3yljcHQ917e\n"
        + "LcEh1kIzGIE1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMSUBJc8\n"
        + "LGLuRvhpqBfUcuHuQzzMM4Xw9x2pEcBAocu6wijvYZt1ATI6zzxC6213BT63ei4W\n"
        + "UzXPYUjC70BGqQu4lhFKRECl48BLJzELayS6Lh+teYmSIdXc3DNsK9L/T19deeC5\n"
        + "iHjkD76z6YPjsPpLyo3TkCi2Ebz+oNkCXQYCZsI0QToTuMuYyL+bsDyFmWTRlvx2\n"
        + "KGZe3pdbMLZW4QSHoN6h0rSpgYKi6vdKbPzLcFEko1oYUwFCHDENvqVfZdMEuauA\n"
        + "W58UChLDu+5bVdldYrmXkZ+u/PiSCsIVKvfCZ+JlgJR4wX+4YgICl5FbRhD/qg2l\n"
        + "S791sxe9mHZeByk=\n"
        + "-----END CERTIFICATE-----";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        verifyFetch(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        verifyFetch(req, resp);
    }

    private void verifyFetch(HttpServletRequest request, HttpServletResponse resp)
            throws IOException, ServletException {
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();

        try {
            OAuthServiceProvider provider = new OAuthServiceProvider(null, null, null);
            OAuthConsumer consumer = new OAuthConsumer(null, "mixi.jp", null, provider);
            consumer.setProperty(RSA_SHA1.X509_CERTIFICATE, CERTIFICATE);

            String method = request.getMethod();
            String requestUrl = getRequestUrl(request);
            List requestParameters = getRequestParameters(request);

            OAuthMessage message = new OAuthMessage(method, requestUrl, requestParameters);

            OAuthAccessor accessor = new OAuthAccessor(consumer);
            out.print("*** OAuthMessage Params:");
            out.print("URL: " + OAuthServlet.htmlEncode(message.URL));
            for (java.util.Map.Entry param : message.getParameters()) {
                String key = param.getKey().toString();
                String value = param.getValue().toString();
                out.print("");
                out.print("Param Name-->" + OAuthServlet.htmlEncode(key));
                out.print(" ");
                out.print("Value-->" + OAuthServlet.htmlEncode(value));
            }
            out.print("");
            out.print(" VALIDATING SIGNATURE ");
            out.print("");
            message.validateSignature(accessor);
            out.print("REQUEST STATUS::OK");
            out.print("");
        } catch (OAuthProblemException ope) {
            out.print("");
            out.print("OAuthProblemException-->"
                + OAuthServlet.htmlEncode(ope.getProblem()));
        } catch (Exception e) {
            out.println(e);
            System.out.println(e);
            throw new ServletException(e);
        } finally {
            out.flush();
        }
    }

    /**
     * Constructs and returns the full URL associated with the passed request
     * object.
     *
     * @param  request Servlet request object with methods for retrieving the
     *         various components of the request URL
     */
    public static String getRequestUrl(HttpServletRequest request) {
        StringBuilder requestUrl = new StringBuilder();
        String scheme = request.getScheme();
        int port = request.getLocalPort();

        requestUrl.append(scheme);
        requestUrl.append("://");
        requestUrl.append(request.getServerName());

        if ((scheme.equals("http") && port != 80)
                || (scheme.equals("https") && port != 443)) {
            requestUrl.append(":");
            requestUrl.append(port);
        }

        requestUrl.append(request.getContextPath());
        requestUrl.append(request.getServletPath());

        return requestUrl.toString();
    }

    /**
     * Constructs and returns a List of OAuth.Parameter objects, one per
     * parameter in the passed request.
     *
     * @param  request Servlet request object with methods for retrieving the
     *         full set of parameters passed with the request
     */
    public static List getRequestParameters(HttpServletRequest request) {

        List parameters = new ArrayList();

        for (Object e : request.getParameterMap().entrySet()) {
            Map.Entry entry = (Map.Entry) e;

            for (String value : entry.getValue()) {
                parameters.add(new OAuth.Parameter(entry.getKey(), value));
            }
        }

        return parameters;
    }
}
The result

When you run the client side script against the server code, and if the request was validated:

*** OAuthMessage Params:
URL: http://oauthtest.s42.eatj.com/oauth/SignedFetchVerifyServlet
Param Name-->oauth_consumer_key Value-->mixi.jp
Param Name-->oauth_nonce Value-->7fe2ce6b24e17c86
Param Name-->opensocial_app_id Value-->10449685582340194994
Param Name-->opensocial_viewer_id Value-->xxxxxxxx
Param Name-->oauth_timestamp Value-->1211519778
Param Name-->opensocial_owner_id Value-->xxxxxxxx
Param Name-->oauth_signature Value-->eYwX2yWLpOZ+gb5oEFeIy+EM3j237nrj/1rj3yp69jgo
                                       /QaPk/OnXbXP9imEcERxtQLj9QqDD8cjbjMJ46VINc7b
                                       Lab8qER1Xhkf4tTIkwfFXJW9tjQMBuGO8OVf9v0UAjAr
                                       uWfSN331LLgGFecKQR5UTD0qAAyzTnFY9aSmqg8=
Param Name-->xoauth_signature_publickey Value-->pub.1199819524.-1556113204990931254.cer
Param Name-->oauth_token Value-->
Param Name-->oauth_signature_method Value-->RSA-SHA1
VALIDATING SIGNATURE
REQUEST STATUS::OK

C#

Server side code

This code relies on the csharp OAuth library from the open source OAuth library project.

This example is not meant to be production quality code, merely a demonstration of the steps you would take to validate a signed request server-side.

// -----------------------------------------------------------------------------------
//
//  OBasePage.cs to validate oAuth signature - .NET
//  by XtremeHeights
//  Last Modification: 4th Oct 2008
//
//  For more information, visit:
//  http:/www.xtremeheights.com/
//  email: contact@xtremeheights.com
//
//
//  Thanks:
//  Khushal Patel for creating plug & plug code for implementing oAuth in .NET
//  Nemesh Singh for fixing the code which started spoofing every request after 25th sep 2008
//
// -----------------------------------------------------------------------------------

using System;
using System.Collections;
using System.Configuration;
using System.Web;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Collections.Specialized;
using OAuth;

public class oBasePage : System.Web.UI.Page
{
    HttpContext htp;
    public oBasePage(HttpContext _htp)
    {
        htp = _htp;
    }

    public bool isvalidrequest()
    {
        //If you want to import certificate file directly then uncomment the below line and comment the certificate
        //X509Certificate Cert = X509Certificate.CreateFromCertFile(htp.Request.PhysicalApplicationPath + "/bin/pub.1199819524.-1556113204990931254.cer");

        X509Certificate2 cert = new X509Certificate2();
        cert.Import(Encoding.ASCII.GetBytes(
            @"-----BEGIN CERTIFICATE-----
            MIIDNzCCAh+gAwIBAgIJANH20l9V3QyGMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV
            BAYTAkpQMREwDwYDVQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDAeFw0x
            MzExMDcwODQwMzhaFw0yMzExMDUwODQwMzhaMDIxCzAJBgNVBAYTAkpQMREwDwYD
            VQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDCCASIwDQYJKoZIhvcNAQEB
            BQADggEPADCCAQoCggEBAMjrvmoMZdlxPbW86JO1VbIguv8ddAQV/+ZtjmanLXU6
            QjbGz/0wAONo19R/z4oqccNI1USmGBocuNtzFaIbsXVohaJpJm6cJMQ6dYqJbWZD
            C0m8Va+8fx3xjFs/MckvymPbNCSxsycSkiwBNLM0atNiBnRRr5rLHwOlXDarOkaL
            sAYPA/EctZq4Mg380dFpDC1mqzjQvXRQ9Z9z/MD75b06EwYY4L/Yb+F92S5BhagM
            pSxfIJF7VTmA9de2PE67fhoQOXGg48fS2XE2uKDMuE1U/rQIYzAw3twFJNXiCZ3j
            F3uo8pjAy1kWY4uh9KwQ2zXEXSYjJOVDu2eX7Q+ZJDsCAwEAAaNQME4wHQYDVR0O
            BBYEFCJwA3yljcHQ917eLcEh1kIzGIE1MB8GA1UdIwQYMBaAFCJwA3yljcHQ917e
            LcEh1kIzGIE1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMSUBJc8
            LGLuRvhpqBfUcuHuQzzMM4Xw9x2pEcBAocu6wijvYZt1ATI6zzxC6213BT63ei4W
            UzXPYUjC70BGqQu4lhFKRECl48BLJzELayS6Lh+teYmSIdXc3DNsK9L/T19deeC5
            iHjkD76z6YPjsPpLyo3TkCi2Ebz+oNkCXQYCZsI0QToTuMuYyL+bsDyFmWTRlvx2
            KGZe3pdbMLZW4QSHoN6h0rSpgYKi6vdKbPzLcFEko1oYUwFCHDENvqVfZdMEuauA
            W58UChLDu+5bVdldYrmXkZ+u/PiSCsIVKvfCZ+JlgJR4wX+4YgICl5FbRhD/qg2l
            S791sxe9mHZeByk=
            -----END CERTIFICATE-----"));

        //Getting Post variables
        string http_params;
        NameValueCollection _p = htp.Request.Form;
        Hashtable _hp = new Hashtable();

        foreach (string k in _p.Keys)
        {
            if (k != null)
            {
                _hp[k] = _p[k];
            }
        }

        SortedList _ps = new SortedList((IDictionary)_hp);

        string[] pairs1 = new string[_ps.Keys.Count];
        int l = 0;

        foreach (string name in _ps.Keys)
        {
            pairs1[l++] = name + "=" + Uri.EscapeDataString(_ps[name].ToString());
        }
        http_params = (String.Join("&", pairs1));

        if (_ps.Keys.Count != 0)
        {
            http_params = "&" + http_params;
        }

        /* RSACryptoServiceProvider Provider = CertUtil.GetCertPublicKey(Cert); // if importing the file directly... */
        RSACryptoServiceProvider Provider = (RSACryptoServiceProvider)cert.PublicKey.Key;
        OAuth.OAuthBase ba = new OAuthBase();

        string signature = (htp.Request.QueryString["oauth_signature"]);

        string baseString = ba.GenerateSignatureBase(htp.Request.Url,
            htp.Request.QueryString["oauth_consumer_key"],
            "",
            htp.Request.QueryString["oauth_token"],
            "",
            htp.Request.HttpMethod,
            htp.Request.QueryString["oauth_timestamp"],
            htp.Request.QueryString["oauth_nonce"],
            "RSA-SHA1",
            http_params);

        byte[] sign = Convert.FromBase64String(signature);
        byte[] bstring = Encoding.UTF8.GetBytes(baseString);
        htp.Response.Write(htp.Request.QueryString["oauth_token"]);

        return (Provider.VerifyData(bstring, "SHA1", sign));
    }
}

Perl

Server side code

This code relies on Crypt::OpenSSL::CA module and OAuth::Lite module published on CPAN.

http://search.cpan.org/~domq/Crypt-OpenSSL-CA-0.21/
http://search.cpan.org/~lyokato/OAuth-Lite-1.30/

This example is not meant to be production quality code, merely a demonstration of the steps you would take to validate a signed request server-side.

#!/usr/bin/perl
use strict;
use warnings;

use Crypt::OpenSSL::CA;
use OAuth::Lite::ServerUtil;
use URI;
use URI::QueryParam;

my $ca = << '__CERTIFICATE__';
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIJANH20l9V3QyGMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV
BAYTAkpQMREwDwYDVQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDAeFw0x
MzExMDcwODQwMzhaFw0yMzExMDUwODQwMzhaMDIxCzAJBgNVBAYTAkpQMREwDwYD
VQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMjrvmoMZdlxPbW86JO1VbIguv8ddAQV/+ZtjmanLXU6
QjbGz/0wAONo19R/z4oqccNI1USmGBocuNtzFaIbsXVohaJpJm6cJMQ6dYqJbWZD
C0m8Va+8fx3xjFs/MckvymPbNCSxsycSkiwBNLM0atNiBnRRr5rLHwOlXDarOkaL
sAYPA/EctZq4Mg380dFpDC1mqzjQvXRQ9Z9z/MD75b06EwYY4L/Yb+F92S5BhagM
pSxfIJF7VTmA9de2PE67fhoQOXGg48fS2XE2uKDMuE1U/rQIYzAw3twFJNXiCZ3j
F3uo8pjAy1kWY4uh9KwQ2zXEXSYjJOVDu2eX7Q+ZJDsCAwEAAaNQME4wHQYDVR0O
BBYEFCJwA3yljcHQ917eLcEh1kIzGIE1MB8GA1UdIwQYMBaAFCJwA3yljcHQ917e
LcEh1kIzGIE1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMSUBJc8
LGLuRvhpqBfUcuHuQzzMM4Xw9x2pEcBAocu6wijvYZt1ATI6zzxC6213BT63ei4W
UzXPYUjC70BGqQu4lhFKRECl48BLJzELayS6Lh+teYmSIdXc3DNsK9L/T19deeC5
iHjkD76z6YPjsPpLyo3TkCi2Ebz+oNkCXQYCZsI0QToTuMuYyL+bsDyFmWTRlvx2
KGZe3pdbMLZW4QSHoN6h0rSpgYKi6vdKbPzLcFEko1oYUwFCHDENvqVfZdMEuauA
W58UChLDu+5bVdldYrmXkZ+u/PiSCsIVKvfCZ+JlgJR4wX+4YgICl5FbRhD/qg2l
S791sxe9mHZeByk=
-----END CERTIFICATE-----
__CERTIFICATE__

my $public_key = Crypt::OpenSSL::CA::X509->parse($ca)
                                         ->get_public_key()
                                         ->to_PEM();

my $method = $ENV{REQUEST_METHOD};
my $url    = 'http://your.host.name/verify_signature.pl';

my $query_string = $ENV{QUERY_STRING};
if ($method eq 'POST') {
  $query_string .= '&' . <STDIN>;
}
my $params = URI->new('?' . $query_string)->query_form_hash();

my $util = OAuth::Lite::ServerUtil->new();
$util->support_signature_method('RSA_SHA1');

my $ret = $util->verify_signature(
            method          => $method,
            url             => $url,
            params          => $params,
            consumer_secret => $public_key,
          );

print 'Status: 200', "\n";
print 'Content-Type: text/plain', "\n";
print "\n";
print $ret ? 'Success' : 'Failure', "\n";

If you have any comment or question about this page, please discuss it at OpenSocial Developer forum.

TOP OF THIS PAGE