CloudServices/Sagrada/TokenServer: Difference between revisions

Jump to navigation Jump to search

CloudServices/Sagrada/TokenServer (view source)

Revision as of 00:16, 12 January 2012

176 bytes added ,  12 January 2012
→‎Authorization Token
Line 159: Line 159:
   auth_token = {'uid': '123', 'expires': 1324654308.907832}   
   auth_token = {'uid': '123', 'expires': 1324654308.907832}   


The token is signed using the signing secret and base64-ed. The signature is HMAC-SHA1:
The Auth Token also includes a randomly-generated salt for use in the calculation of the Token Secret.  The token is signed using the Signing Secret and base64-ed. The signature is HMAC-SHA1:


   auth_token, signature = HMAC-SHA1(auth_token, sig_secret)
   auth_token, signature = HMAC-SHA1(auth_token, sig_secret)
Line 165: Line 165:


'''The authorization token is not encrypted'''
'''The authorization token is not encrypted'''
(XXX: Need to confirm whether using the salt adds any real value here)


=== Metadata token (optional) ===
=== Metadata token (optional) ===
Rfkelly
Confirmed users
358

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/386412"

Navigation menu