hello all. we created an HTML5 coldfusion powered application that is serving as a canvas application within our Salesforce.com instance. According to the Salesforce.com instructions I need to do the following with the signed request sent to the server but am having difficulty following how to do this:
1. Receive the POST message that contains the initial signed request from Salesforce.
2. Split the signed request on the first period. The result is two strings: the hashed Based64 context signed with the consumer secret and the Base64 encoded context itself.
3. Use the HMAC SHA-256 algorithm to hash the Base64 encoded context and sign it using your consumer secret.
4. Base64 encode the string created in the previous step.
5. Compare the Base64 encoded string with the hashed Base64 context signed with the consumer secret you received in step 2.
of course step 1 & 2 is simple:
<cfset posx = find(".",FORM.SIGNED_REQUEST,1)>
<cfset encodedSig = left(FORM.SIGNED_REQUEST,posx-1)>
<cfset encodedEnv = mid(FORM.SIGNED_REQUEST,posx+1,len(FORM.SIGNED_REQUEST))>
however i can't quite follow what is next. we are running on CF10 Enterprise which is supposed to have the HMAC SHA-256 capabilities. Any help / guidance is greatly appreciated!
