1,065
edits
User:Prawsthorne/StepxStep: Difference between revisions
→Ability to hash the earners email with the salt
Prawsthorne (talk | contribs) |
Prawsthorne (talk | contribs) |
||
| Line 127: | Line 127: | ||
http://beta.openbadges.org/baker?assertion=http://yourhosting.com/u/folder/BillyBlogTestBadge2.json | http://beta.openbadges.org/baker?assertion=http://yourhosting.com/u/folder/BillyBlogTestBadge2.json | ||
</pre> | </pre> | ||
* the second method is to submit the json file using a javascript call | * the second method is to submit the json file using a javascript call (remember you will need to include the correct javascript library). | ||
<pre> | <pre> | ||
<a href="javascript:OpenBadges.issue(['http://badges.bit.bc.ca/mwa/mwa-pjrch01.json'], function(errors, successes) | <a href="javascript:OpenBadges.issue(['http://badges.bit.bc.ca/mwa/mwa-pjrch01.json'], function(errors, successes) | ||
{ });"> | { });">claim your badge.</a> | ||
</pre> | </pre> | ||
One of the issues with the plain text nature of json files and massages is that private information can be exposed. One of the features of the OBI is its ability to recognize hashed text to confirm the earner without having to expose their email address | One of the issues with the plain text nature of json files and massages is that private information can be exposed. One of the features of the OBI is its ability to recognize hashed text to confirm the earner without having to expose their email address in the json file. The following php code snippet hashes the earners email with a salt value using sha256 encryption. This is a one way hash, so you can't "unhash" it. To confirm this value you would need the email address of the earner and the salt value and then hash it yourself with sha256. Once the value is hashed you should have no reason to "unhash" the value, the OBI will be able to do this as it is accepting the badge into the earners backpack. | ||
<pre> | <pre> | ||
<?php | <?php | ||