m (→/auth/finish) |
Line 167: | Line 167: | ||
For login, the single-use authToken is spent on a call to /session/create . | For login, the single-use authToken is spent on a call to /session/create . | ||
This allocates two new tokens: a long-lived "sessionToken", and a single-use "keyFetchToken". The /session/create call returns an encrypted bundle containing the two tokens. | This allocates two new (random 32-byte) tokens: a long-lived "sessionToken", and a single-use "keyFetchToken". The /session/create call returns an encrypted bundle containing the two tokens. | ||
[[File:PICL-IdPAuth-encrypt-sessionToken.png|Decrypting the sessionToken and keyFetchToken]] | [[File:PICL-IdPAuth-encrypt-sessionToken.png|Decrypting the sessionToken and keyFetchToken]] |
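Review bot: The new "(random 32-byte)" parenthetical on the sessionToken/keyFetchToken sentence fixes the token length but says nothing about the quality of the randomness. Because the sentence describes one token as long-lived and both are returned only inside an encrypted bundle, an implementer reads them as secrets; suggest "two new (cryptographically random, 32-byte) tokens" so nobody reaches for a non-cryptographic generator. The edit is also flagged minor ("m") although it adds a size requirement that implementations will rely on, so it deserves a descriptive summary rather than only the section link.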