Changes

CloudServices/Sagrada/TokenServer

78 bytes removed, 23:38, 12 January 2012

→‎Authorization Token

* '''expires''': an expire timestamp (UTC) defaults to current time + 30 mn

* '''uid''': the app-specific user id (the user id integer in the case of sync)

* '''salt''': a randomly-generated salt for use in the calculation of the Token Secret (''optional'')

Example:

auth_token = {'uid': '123', 'expires': 1324654308.907832}

~~The Auth Token also includes a randomly-generated salt for use in the calculation of the Token Secret.~~ The token is signed using the Signing Secret and base64-ed. The signature is HMAC-SHA1:

auth_token, signature = HMAC-SHA1(auth_token, sig_secret)

auth_token = b64encode(auth_token~~, salt~~, signature)

'''The authorization token is not encrypted'''

~~(XXX: Need to confirm whether using the salt adds any real value here)~~

=== Metadata token (optional) ===

Tarek.ziade

Confirm

927

edits

Changes

CloudServices/Sagrada/TokenServer

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools