the auroran sunset (![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small} tithonus) wrote in ![[info]](http://p-stat.livejournal.com/img/community.gif){kind=small} lj_dev,@ 2006-10-08 06:25:00 |
|
TypeKey API manual problems
Not sure if this is a good place to put this, but I can see no obvious way of contacting sixapart on from their site, and I'm assuming there is a lot of cross-pollination between the two projects (LJ and TypeKey).
I've just finished writing a custom PHP implementation of TypeKey. I realise that this has been done before (e.g. Solar_Auth_TypeKey) - it just seemed to be the best way to learn how it all worked.
My final problems came as the result of two errors in the explanation of the 'sig' field in both versions of the TypeKey API manual on the sixapart website.
One error is just confusing, the other is catastrophic. Obviously many developers must have already spotted and corrected the errors (presumably by reading the source code to find what the API *really* is), because I have found implementations on the web which work correctly.
Here's what the manuals say:
The confusing error is in the example, which is in the form:-
<email>::<nick>::<name>::<ts>::<site-token>, rather than <email>::<name>::<nick>::<ts>::<site-token> as it should be.
The catastrophic error is that the signature is actually of the form:
<email>::<name>::<nick>::<ts>
ie without the <site-token> on the end!
Thus the example should read:
napoleon@france.fr::napster::Napolon Bonaparte::1000000800
(Should Napoleon be spelt correctly?!)
Obviously the manuals should be corrected ASAP. Hopefully someone here knows how to get that to happen, or knows who I should be telling... Or can really surprise me by explaining why these aren't actually errors! :-)
Not sure if this is a good place to put this, but I can see no obvious way of contacting sixapart on from their site, and I'm assuming there is a lot of cross-pollination between the two projects (LJ and TypeKey).
I've just finished writing a custom PHP implementation of TypeKey. I realise that this has been done before (e.g. Solar_Auth_TypeKey) - it just seemed to be the best way to learn how it all worked.
My final problems came as the result of two errors in the explanation of the 'sig' field in both versions of the TypeKey API manual on the sixapart website.
One error is just confusing, the other is catastrophic. Obviously many developers must have already spotted and corrected the errors (presumably by reading the source code to find what the API *really* is), because I have found implementations on the web which work correctly.
Here's what the manuals say:
The DSA signature of the string formed by concatenating the following values, separated by double-colons:
<email>::<name>::<nick>::<ts>::<site-token>
<site-token> is the parameter <t> that was passed to TypeKey. To give an example, if I was ``Napoleon Bonaparte'' <napoleon@france.fr> with a login name of 'napster', and I logged in from an app with TypeKey token hql3XGNq1fB1cSjlCZ3i at 2001-09-08 19:00:00 (or 1000000800 seconds from the epoch), sig would be the signature for this string:
napoleon@france.fr::Napolon Bonaparte::napster::1000000800::hql3XGNq1fB1cSjlCZ3i
The confusing error is in the example, which is in the form:-
<email>::<nick>::<name>::<ts>::<site-token>, rather than <email>::<name>::<nick>::<ts>::<site-token> as it should be.
The catastrophic error is that the signature is actually of the form:
<email>::<name>::<nick>::<ts>
ie without the <site-token> on the end!
Thus the example should read:
napoleon@france.fr::napster::Napolon Bonaparte::1000000800
(Should Napoleon be spelt correctly?!)
Obviously the manuals should be corrected ASAP. Hopefully someone here knows how to get that to happen, or knows who I should be telling... Or can really surprise me by explaining why these aren't actually errors! :-)
