Authsub secure - Invalid AuthSub token error - Google Accounts API

ディスカッション Authsub secure - Invalid AuthSub token error からのメッセージ

Ryan Boyd (Google)

詳細オプション 4月25日, 午前12:01

差出人: "Ryan Boyd (Google)" <api.rb...@google.com>

日付: Thu, 24 Apr 2008 08:01:22 -0700 (PDT)

ローカル: 2008年4月25日(金) 午前12:01

件名: Re: Authsub secure - Invalid AuthSub token error

  投稿者に返信
  |
  転送 | 印刷 | スレッドを表示
  | オリジナルを表示
  | このメッセージを報告 | この投稿者のメッセージを検索
  

On Apr 18, 7:28 pm, Nick <nick.lemou...@gmail.com> wrote:

> Thanks for your reply Lane. As far as I can tell my server is being
> updated from nz.pool.ntp.org

> ~# ntpq -p
> remote refid st t when poll reach delay
> offset jitter
> =========================================================================== ===
> *ntp.tpnet.co.nz 128.250.36.3 2 u 391 1024 377 51.310
> -11.162 0.856
> +203.161.84.63.s 128.250.36.2 2 u 207 1024 377 182.200
> 8.699 8.075
> +core.narx.net 128.250.37.2 2 u 198 1024 377 123.122
> 3.208 2.744

> Is there anything else that authsub is picky about? Does the X.509
> cert have to have the correct organizational information in it or does
> it not look at that info?

No, it doesn't care about the organizational (or other information) in
the certificate.

Have you verified you're passing 'secure=1' when generating the
AuthSubRequest URL?

I have some test code following this message that I used to quickly
create a signature and was able to use it successfully -- let me know
how similar this is to your code (or just include your code here for
to allow us to try it out ).

Cheers,
-Ryan
---

$fp = fopen("mykey.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);

$time = time();
$method = "GET";
// $url = "https://www.google.com/accounts/AuthSubSessionToken";
// cheating for the nonce (don't use this code in production)
$data = $method . " " . $url . " " . $time . " 15948652339726849410";

// compute signature
openssl_sign($data, $signature, $pkeyid, OPENSSL_ALGO_SHA1);

// free the key from memory
openssl_free_key($pkeyid);

$sig = base64_encode($signature);
// if using for real, you'd validate this input data
$token = $_GET['token'];

echo 'curl -H \'Authorization: AuthSub token="' . $token . '"
data="' . $data . '" sig="' . $sig . '" sigalg="rsa-sha1"\' ' . $url;

> ThanksNick

> On Apr 19, 8:20 am, "Lane LiaBraaten (Google)"

> <api.lliab...@google.com> wrote:
> > HiNick,

> > The request you're sending looks fine. The Accounts API servers are pretty
> > picky about timestamps - can you verify that the time on the machine is
> > sycned with a NTP server? Also, checkhttp://time.govtomake sure the time
> > matches.

> > Hope that helps,
> > Lane

> > On Thu, Apr 17, 2008 at 4:36 PM,Nick<nick.lemou...@gmail.com> wrote:

> > > I've been trying for the last couple of weeks to find a way to use
> > > authsub secure with PHP. The Zend framework doesn't support secure
> > > authsub yet, so I had to write my own API.

> > > Normal unsecure requests work fine and I can upgrade one time tokens
> > > to session tokens without any hassle. The problem comes when I try and
> > > upgrade a secure token to a session token, I get:

> > > Invalid AuthSub token.
> > > Error 403

> > > This is the request I'm making:

> > > GET /accounts/AuthSubSessionToken HTTP/1.1
> > > Host:www.google.com
> > > User-Agent: PHP connector Alpha 0.01
> > > Connection: close
> > > Accept-Encoding: gzip
> > > Authorization: AuthSub token="CPy81sjiChD2-cORAQ" data="GET
> > >https://www.google.com/accounts/AuthSubSessionToken1208475262
> > > 97612217129769266447" sig="J/

> > > YGP9I1dWfIy18Ee7bsDzLk7IJwYgNur2DPl6As9MyeD5/3LLfkJ31Iie62rxPGS2OLYPO2l5KSq VR11NRDesyT3vvwuN9B2A8uCdaqhArZxP6lOd
> > > +KzZ7xeSKJEApctAuvODVB5kKS9AgcwW+aIJwpQ5dY8eMyB+idYJovEgc="
> > > sigalg="rsa-sha1"

> > > I'm figuring I have a problem with the signature, but I'm not getting
> > > a signature error. My scope ishttps://www.google.com/calendar/feeds/,
> > > but I'm not getting a scope error.

> > > This is driving me up the wall, can someone please help!

> > > Thanks
> > >Nick

投稿者に返信転送