
CloudServices/Sagrada/TokenServer

189 bytes removed, 00:21, 12 January 2012
Definitions and assumptions
* '''Metadata Token''': used to send application-specific metadata for the Service.
* '''Master Secret''': a secret shared between Login Server and Service Node. Never used directly, only for deriving other secrets.
* '''Signing Secret''': derived from the master secret, used to sign auth and metadata tokens. For example: sig-secret = HKDF_Expand(master-secret, "SIGN")
* '''Encryption Secret''': derived from the master secret, used to encrypt the metadata token. For example: enc-secret = HKDF_Expand(master-secret, "ENCRYPT")
* '''Token Secret''': derived from the master secret and auth token, used as '''oauth_consumer_secret'''. This is the only secret shared with the client and is different for each auth token. For example: token-secret = HKDF_Expand(master-secret, auth-token)
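
The three derivations above as an added Python example; it is not code from this page or from the project. It assumes HKDF-Expand as defined in RFC 5869 with HMAC-SHA256 and 32-byte outputs (the page names neither), and the function names, the reserved-label check and the sample values are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256              # assumption: the page does not name a hash
HASH_LEN = HASH().digest_size      # 32 bytes
RESERVED_INFO = (b"SIGN", b"ENCRYPT")


def hkdf_expand(prk: bytes, info: bytes, length: int = HASH_LEN) -> bytes:
    """HKDF-Expand as specified in RFC 5869, section 2.3."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid output length for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_service_secrets(master_secret: bytes) -> dict:
    """Signing and encryption secrets: fixed labels, one pair per master secret."""
    return {
        "sig-secret": hkdf_expand(master_secret, b"SIGN"),
        "enc-secret": hkdf_expand(master_secret, b"ENCRYPT"),
    }


def derive_token_secret(master_secret: bytes, auth_token: bytes) -> bytes:
    """Per-token secret, used as oauth_consumer_secret; recomputable from the token."""
    # Added safeguard (not on the page): an auth token equal to a fixed label
    # would yield the signing or encryption secret, so such a token is refused.
    if auth_token in RESERVED_INFO:
        raise ValueError("auth token collides with a reserved HKDF label")
    return hkdf_expand(master_secret, auth_token)


# Constructed sample values, for illustration only.
MASTER_SECRET = bytes(range(32))
TOKEN_A = b"constructed-auth-token-A"
TOKEN_B = b"constructed-auth-token-B"

if __name__ == "__main__":
    for name, value in derive_service_secrets(MASTER_SECRET).items():
        print(name, value.hex())
    print("token-secret A", derive_token_secret(MASTER_SECRET, TOKEN_A).hex())
    print("token-secret B", derive_token_secret(MASTER_SECRET, TOKEN_B).hex())
```

Because the token secret depends only on the master secret and the auth token, any holder of the master secret can recompute it from the token alone, with no per-token state to store.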