14 messages in com.googlegroups.bloggerdevRe: [bloggerDev] NO Secure signed tok...| From | Sent On | Attachments |
|---|---|---|
| cam...@gmail.com | 21 Feb 2007 08:20 | |
| Pete Hopkins ☠ | 21 Feb 2007 10:38 | |
| cam...@gmail.com | 21 Feb 2007 15:32 | |
| Pete Hopkins ☠ | 21 Feb 2007 16:01 | |
| cam...@gmail.com | 22 Feb 2007 02:27 | |
| cam...@gmail.com | 22 Feb 2007 09:17 | |
| Pete Hopkins ☠ | 22 Feb 2007 09:47 | |
| cam...@gmail.com | 22 Feb 2007 10:41 | |
| Pete Hopkins ☠ | 22 Feb 2007 16:16 | |
| cam...@gmail.com | 22 Feb 2007 16:56 | |
| Pete Hopkins ☠ | 27 Feb 2007 15:53 | |
| Pete Hopkins ☠ | 27 Feb 2007 17:04 | |
| cam...@gmail.com | 01 Mar 2007 08:12 | |
| Pete Hopkins ☠ | 01 Mar 2007 10:30 |
| Subject: | Re: [bloggerDev] NO Secure signed token example?? |
|---|---|
| From: | Pete Hopkins ☠ (phop...@google.com) |
| Date: | 02/21/2007 10:38:10 AM |
| List: | com.googlegroups.bloggerdev |
I haven't tried this in PHP, but a quick doc search shows that:
http://us2.php.net/manual/en/function.openssl-sign.php
is probably what you want.
The docs could be more explicit, but the general algorithm is (in pseudo PHP):
$data = "GET " . $url . " " . time() . " " . random(); $sig = base64(sign($data, $key));
Is there any place where you're getting stuck in particular?
-- Pete
On 2/21/07, cam...@gmail.com <cam...@gmail.com> wrote:
Hi,
OK. I am totally stuck here. I am amazed that I cannot find any examples anywhere of a client (php) which demonstrates the 'signing' of the data required to perform secure connections to Blogger, using my registered app.
I think it's a good idea for Google to move to a single login, but without the proper examples and assistance coming to help application providers like myself to upgrade their systems to support the Google logins then things are not going to happen. It was fairly easy for me to register my app to remove the 'Warning' on the login page, but why on earth is there no explanation at all of what to do when 'signing' the Authorization??
See here for docs to that:
http://code.google.com/apis/accounts/AuthForWebApps.html#signingrequests
Surely being secure and 'warning free' is what Google wants?
As the day draws near when my users will have to move over to the new system, if I dont get this fixed, then I'll just have to drop Blogger support and recommend another vendor who does support developers.
I'm pretty sure the answer/solution I need is so simple for someone in the know.
This is absolutely crucial. Please please please can anyone help?
If I can get it all working, I will happily share how to do it, as I am clearly not alone in needed this knowledge.
thanks, camoby