Apps/WebApplicationReceipt/SigningService: Difference between revisions

← Older edit

Apps/WebApplicationReceipt/SigningService (view source)

Revision as of 16:52, 11 April 2012

534 bytes removed , 11 April 2012

no edit summary

RyanTilder

Confirmed users

65

edits

@@ Line 1: / Line 1: @@
-<h2> General Info </h2>
+== General Info ==
-<h3> Definitions </h3>
-<dl><dt> endpoint-url&#160;</dt><dd> The full URI for the service including the <tt>version string</tt> for the API as defined below
+=== Definitions ===
-</dd><dt> version string&#160;</dt><dd> This revision of the protocol is 1.0 so the version string is "/1.0/"
+; endpoint-url : The full URI for the service including the <tt>version string</tt> for the API as defined below
-</dd></dl>
+; version string : This revision of the protocol is 1.0 so the version string is "/1.0/"
-<h3> Abbreviations </h3>
-<dl><dt> JWK&#160;</dt><dd> <a href="http://tools.ietf.org/id/draft-jones-json-web-key-03.txt">JSON Web Key</a>
+=== Abbreviations ===
-</dd><dt> JWS&#160;</dt><dd> <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-01">JSON Web Signature</a>
+; JWK : [http://tools.ietf.org/id/draft-jones-json-web-key-03.txt JSON Web Key]
-</dd><dt> JWT&#160;</dt><dd> <a href="http://self-issued.info/docs/draft-jones-json-web-token.html">JSON Web Token</a>
+; JWS : [http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-01 JSON Web Signature]
-</dd></dl>
+; JWT : [http://self-issued.info/docs/draft-jones-json-web-token.html JSON Web Token]
-<h3> Data format </h3>
-<dl><dt> receipt input&#160;</dt><dd> Input is expected to be in a plaintext JWT format with additional fields as defined by the <a href="https://wiki.mozilla.org/Apps/WebApplicationReceipt">Web Application Receipt</a> wiki page. Since it is a JWT format, UTF-8 is REQUIRED.
+=== Data format ===
-</dd></dl>
+; receipt input : Input is expected to be in a plaintext JWT format with additional fields as defined by the [https://wiki.mozilla.org/Apps/WebApplicationReceipt Web Application Receipt] wiki page. Since it is a JWT format, UTF-8 is REQUIRED.
-<pre class="_fck_mw_lspace">{
- typ: "purchase-receipt",
+ {
- product: {
+  typ: "purchase-receipt",
-   url: "https://grumpybadgers.com",
+  product: {
-   storedata: "5169314356"
+    url: "https://grumpybadgers.com",
- },
+    storedata: "5169314356"
- user: {
+  },
-   type: "email",
+  user: {
-   value: "pseud-123gBm51jc56s@idprovider.com"
+    type: "email",
- },
+    value: "pseud-123gBm51jc56s@idprovider.com"
- iss: "https://appstore.com",
+  },
- nbf: 131360185,
+  iss: "https://appstore.com",
- iat: 131360188,
+  nbf: 131360185,
- detail: "https://appstore.com/receipt/5169314356",
+  iat: 131360188,
- verify: "https://appstore.com/verify/5169314356"
+  detail: "https://appstore.com/receipt/5169314356",
-}
+  verify: "https://appstore.com/verify/5169314356"
-</pre>
+ }
-<p><br />
-</p>
-<h2> API </h2>
+== API ==
-<dl><dt> POST http</dt><dd>//&lt;endpoint-url&gt;/sign&#160;: Takes a receipt in the Receipt format. Returns a BrowserID style certificate chain followed by the signed receipt.<br />
+; POST http://<endpoint-url>/sign : Takes a receipt in the Receipt format. Returns a BrowserID style certificate chain followed by the signed receipt.<br>
-</dd></dl>
+ <root key certificate>"~"<ephemeral key certificate>"~"<signed receipt>
-<pre class="_fck_mw_lspace">&lt;root key certificate&gt;"~"&lt;ephemeral key certificate&gt;"~"&lt;signed receipt&gt;
-</pre>
+=== Definitions ===
-<h3> Definitions </h3>
+; root key certificate : a JWS encoded JWK that is self-signed
-<dl><dt> root key certificate&#160;</dt><dd> a JWS encoded JWK that is self-signed
+; ephemeral key certificate : a JWS encoded JWK that is signed by the root key and can be verified with the root key certificate
-</dd><dt> ephemeral key certificate&#160;</dt><dd> a JWS encoded JWK that is signed by the root key and can be verified with the root key certificate
+; signed receipt : a JWT that is signed by the current ephemeral key certificate
-</dd><dt> signed receipt&#160;</dt><dd> a JWT that is signed by the current ephemeral key certificate
-</dd></dl>
+== HTTP response codes ==
-<h3> HTTP response codes </h3>
+; 200 OK : The request was processed successfully and the server is returning a signed receipt
-<dl><dt> 200 OK&#160;</dt><dd> The request was processed successfully and the server is returning a signed receipt
+; 400 Bad Request : The request itself is malformed or the data supplied with the request is invalid.
-</dd><dt> 400 Bad Request&#160;</dt><dd> The request itself is malformed or the data supplied with the request is invalid.
+; 401 Unauthorized : The authentication credentials are invalid.  At the moment authorization consists of a simple whitelist of IPs.  In the future this may be used to indicate a BrowserID or other authentication mechanism has failed or the credentials are not authorized to use the service.
-</dd><dt> 401 Unauthorized&#160;</dt><dd> The authentication credentials are invalid.  At the moment authorization consists of a simple whitelist of IPs.  In the future this may be used to indicate a BrowserID or other authentication mechanism has failed or the credentials are not authorized to use the service.
+; 409 Conflict : The nbf, iat, or iss specified in the input are invalid for the root key(in the case of a mismatching iss) or the nbf or iat fields are outside the ephemeral key's window of signing validity.
-</dd><dt> 409 Conflict&#160;</dt><dd> The nbf, iat, or iss specified in the input are invalid for the root key(in the case of a mismatching iss) or the nbf or iat fields are outside the ephemeral key's window of signing validity.
+; 503 Service Unavailable : Indicates that the server(s) are undergoing maintenance.
-</dd><dt> 503 Service Unavailable&#160;</dt><dd> Indicates that the server(s) are undergoing maintenance.
-</dd></dl>