sdfsl (tithonus) wrote in lj_dev,

TypeKey API manual problems

Not sure if this is a good place to put this, but I can see no obvious way of contacting sixapart from their site, and I'm assuming there is a lot of cross-pollination between the two projects (LJ and TypeKey).

I've just finished writing a custom PHP implementation of TypeKey. I realise that this has been done before (e.g. Solar_Auth_TypeKey) - it just seemed to be the best way to learn how it all worked.

My final problems came as the result of two errors in the explanation of the 'sig' field in both versions of the TypeKey API manual on the sixapart website.

One error is just confusing, the other is catastrophic. Obviously many developers must have already spotted and corrected the errors (presumably by reading the source code to find what the API *really* is), because I have found implementations on the web which work correctly.

Here's what the manuals say:
The DSA signature of the string formed by concatenating the following values, separated by double-colons:


<site-token> is the parameter <t> that was passed to TypeKey. To give an example, if I was ``Napoleon Bonaparte'' <> with a login name of 'napster', and I logged in from an app with TypeKey token hql3XGNq1fB1cSjlCZ3i at 2001-09-08 19:00:00 (or 1000000800 seconds from the epoch), sig would be the signature for this string: Bonaparte::napster::1000000800::hql3XGNq1fB1cSjlCZ3i

The confusing error is in the example, which is in the form:-
<email>::<nick>::<name>::<ts>::<site-token>, rather than <email>::<name>::<nick>::<ts>::<site-token> as it should be.

The catastrophic error is that the signature is actually of the form:
ie without the <site-token> on the end!

Thus the example should read: Bonaparte::1000000800

(Should Napoleon be spelt correctly?!)

Obviously the manuals should be corrected ASAP. Hopefully someone here knows how to get that to happen, or knows who I should be telling... Or can really surprise me by explaining why these aren't actually errors! :-)
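
Why the exact field list matters, as an added example (not from the original post and not Six Apart's code): a textbook DSA check over a constructed toy group, assuming the server signs the form the post reports. A verifier that rebuilds the string with the site token appended, or with name and nick swapped, rejects a genuine signature. The e-mail address, key, nonce, group parameters and the use of SHA-1 are assumptions made here.

```python
import hashlib

# Constructed toy DSA group, far too small for real use: Q is a Mersenne prime,
# P is the first prime of the form k*Q + 1, and G has order Q modulo P.
Q = 2**61 - 1

def is_prime(n):  # Miller-Rabin with fixed small-prime bases, for odd n > 37
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

P = next(k * Q + 1 for k in range(2, 10**6, 2) if is_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 100)) if g != 1)

def digest(msg):  # SHA-1 reduced into the toy group (hash choice is an assumption)
    return int(hashlib.sha1(msg.encode()).hexdigest(), 16) % Q
def signed_string(*fields):  # fields joined with double colons, in the order given
    return "::".join(str(f) for f in fields)

def sign(msg, x, k):  # textbook DSA; k is fixed only to keep the demo repeatable
    r = pow(G, k, P) % Q
    return r, pow(k, Q - 2, Q) * (digest(msg) + x * r) % Q

def verify(msg, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, Q - 2, Q)  # inverse of s modulo the prime Q
    return pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def check_variants(token="hql3XGNq1fB1cSjlCZ3i"):
    # Constructed sample values: the e-mail address, private key x and nonce k.
    email, name, nick, ts = "nb@example.com", "Napoleon Bonaparte", "napster", 1000000800
    x, k = 123456789, 987654321
    sig, y = sign(signed_string(email, name, nick, ts), x, k), pow(G, x, P)
    return {"as_post": verify(signed_string(email, name, nick, ts), sig, y),
            "with_token": verify(signed_string(email, name, nick, ts, token), sig, y),
            "name_nick_swapped": verify(signed_string(email, nick, name, ts), sig, y)}
```

`check_variants()` reports which of the three candidate strings verify against a signature made over the four-field form.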
