Apps/WebApplicationReceipt/SigningService

From MozillaWiki

Latest revision as of 16:52, 11 April 2012

General Info

Definitions

endpoint-url
The full URI for the service including the version string for the API as defined below
version string
This revision of the protocol is 1.0 so the version string is "/1.0/"

Abbreviations

JWK
JSON Web Key
JWS
JSON Web Signature
JWT
JSON Web Token

Data format

receipt input
Input is expected to be a Plaintext JWT (an unsecured JWT whose header carries alg "none" and whose signature part is empty) with the additional fields defined on the Web Application Receipt wiki page. Since it is a JWT, the JSON must be UTF-8 encoded; this is REQUIRED.
{
  "typ": "purchase-receipt",
  "product": {
    "url": "https://grumpybadgers.com",
    "storedata": "5169314356"
  },
  "user": {
    "type": "email",
    "value": "pseud-123gBm51jc56s@idprovider.com"
  },
  "iss": "https://appstore.com",
  "nbf": 131360185,
  "iat": 131360188,
  "detail": "https://appstore.com/receipt/5169314356",
  "verify": "https://appstore.com/verify/5169314356"
}
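As an added example (not the wiki's or the signing service's own code), the following Python decodes a Plaintext JWT as it would be POSTed to the service and applies the checks that would turn into a 400 Bad Request. The required claims and their types are read off the example above and the sample receipt is copied from it; the rule that the input header must carry alg "none" and the exact set of sub-fields enforced are assumptions.

```python
import base64
import json

# Receipt copied from the wiki page's own example.
SAMPLE_RECEIPT = {
    "typ": "purchase-receipt",
    "product": {"url": "https://grumpybadgers.com", "storedata": "5169314356"},
    "user": {"type": "email", "value": "pseud-123gBm51jc56s@idprovider.com"},
    "iss": "https://appstore.com",
    "nbf": 131360185,
    "iat": 131360188,
    "detail": "https://appstore.com/receipt/5169314356",
    "verify": "https://appstore.com/verify/5169314356",
}

# Top-level claims and the JSON type each must have (assumed from the example above).
REQUIRED_CLAIMS = {"typ": str, "product": dict, "user": dict, "iss": str,
                   "nbf": int, "iat": int, "detail": str, "verify": str}


def b64url_encode(raw: bytes) -> str:
    """base64url without '=' padding, as JWS/JWT use it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_plaintext_jwt(claims: dict) -> str:
    """Serialise claims as a Plaintext (unsecured) JWT: header.payload. with an empty signature."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}, separators=(",", ":")).encode("utf-8"))
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    return f"{header}.{payload}."


class BadRequest(ValueError):
    """Raised for anything the service would answer with 400 Bad Request."""


def _typed(value, expected) -> bool:
    # bool is a subclass of int in Python; "nbf": true must not pass as a timestamp
    return isinstance(value, expected) and not isinstance(value, bool)


def parse_receipt_input(token: str) -> dict:
    """Decode and validate a receipt submitted to POST <endpoint-url>/sign."""
    parts = token.split(".")
    if len(parts) != 3 or parts[2] != "":
        raise BadRequest("expected a Plaintext JWT of the form header.payload. (empty signature)")
    try:
        header = json.loads(b64url_decode(parts[0]).decode("utf-8"))  # UTF-8 is REQUIRED
        claims = json.loads(b64url_decode(parts[1]).decode("utf-8"))
    except ValueError as exc:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        raise BadRequest(f"JWT segments are not base64url-encoded UTF-8 JSON: {exc}") from exc
    if not isinstance(header, dict) or header.get("alg") != "none":
        raise BadRequest("input must be unsigned (alg 'none'); the service applies the signature")
    if not isinstance(claims, dict):
        raise BadRequest("payload must be a JSON object")
    for name, expected in REQUIRED_CLAIMS.items():
        if not _typed(claims.get(name), expected):
            raise BadRequest(f"claim {name!r} missing or not a {expected.__name__}")
    if claims["typ"] != "purchase-receipt":
        raise BadRequest(f"unsupported typ {claims['typ']!r}")
    for section, fields in (("product", ("url", "storedata")), ("user", ("type", "value"))):
        for field in fields:
            if not _typed(claims[section].get(field), str):
                raise BadRequest(f"{section}.{field} missing or not a string")
    return claims


def status_for(token: str) -> int:
    """HTTP status the validation step produces: 200 to proceed to signing, else 400."""
    try:
        parse_receipt_input(token)
        return 200
    except BadRequest:
        return 400


if __name__ == "__main__":
    token = encode_plaintext_jwt(SAMPLE_RECEIPT)
    print(token)
    print(status_for(token), status_for(token[:-1] + "x"))
```

The signature segment is checked before anything is decoded: a receipt that already carries a signature or a third segment is rejected rather than having its signature silently discarded, and the type checks stop a JSON `true` or a quoted string from being accepted where a timestamp is expected.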


API

POST http://<endpoint-url>/sign
Takes a receipt in the Receipt format. Returns a BrowserID style certificate chain followed by the signed receipt, the three parts separated by "~":
<root key certificate>"~"<ephemeral key certificate>"~"<signed receipt>

Definitions

root key certificate
a JWS whose payload is the root public JWK, signed with that same root key (self-signed). A self-signature only proves possession of the key, so a verifier must already trust (pin) the root key rather than accept whatever root certificate the chain carries.
ephemeral key certificate
a JWS whose payload is the ephemeral public JWK, signed by the root key; it is verified with the key carried in the root key certificate.
signed receipt
a JWT signed with the current ephemeral key; it is verified with the key carried in the ephemeral key certificate.

HTTP response codes

200 OK
The request was processed successfully and the server is returning a signed receipt
400 Bad Request
The request itself is malformed or the data supplied with the request is invalid.
401 Unauthorized
The authentication credentials are invalid. At the moment authorization consists of a simple whitelist of IPs. In the future this may be used to indicate a BrowserID or other authentication mechanism has failed or the credentials are not authorized to use the service.
409 Conflict
The iss in the input does not match the issuer of the root key, or the nbf or iat fields fall outside the ephemeral key's window of signing validity.
503 Service Unavailable
Indicates that the server(s) are undergoing maintenance.
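As an added example (not the service's own code), the Python below models the two sides of POST /sign: the service deciding between a 409 Conflict and a 200 with the "~"-separated chain, and a client verifying that chain root cert, ephemeral cert, receipt. The sample receipt and the "~" separator come from the page. Everything else is assumed: the certificate claim names ("jwk", "iss", "nbf", "exp"), the ephemeral signing window, the fixed primes, and above all the signature primitive, which is textbook RSA over SHA-256 on 60-bit moduli with no padding. That toy keeps the block self-contained so the chain logic can be run offline; it is not RS256 and is not secure.

```python
import base64
import hashlib
import json

ALG = "RS256"                        # header value only; the arithmetic below is a toy stand-in
ROOT_ISS = "https://appstore.com"    # issuer from the page's example receipt

# Receipt copied from the wiki page's own example.
SAMPLE_RECEIPT = {
    "typ": "purchase-receipt",
    "product": {"url": "https://grumpybadgers.com", "storedata": "5169314356"},
    "user": {"type": "email", "value": "pseud-123gBm51jc56s@idprovider.com"},
    "iss": ROOT_ISS, "nbf": 131360185, "iat": 131360188,
    "detail": "https://appstore.com/receipt/5169314356",
    "verify": "https://appstore.com/verify/5169314356",
}


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def int_to_b64u(i: int) -> str:
    return b64u(i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big"))


def b64u_to_int(text: str) -> int:
    return int.from_bytes(b64u_dec(text), "big")


def toy_keypair(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA on two fixed ~30-bit primes: enough to walk a chain, useless for security."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}


def public_jwk(key: dict) -> dict:
    """Public half as a JWK (RSA JWK members n and e are base64url big-endian integers)."""
    return {"kty": "RSA", "n": int_to_b64u(key["n"]), "e": int_to_b64u(key["e"])}


def _digest_mod_n(signing_input: str, n: int) -> int:
    # Toy: SHA-256 reduced mod n, no padding. Real RS256 applies PKCS#1 v1.5 encoding.
    return int.from_bytes(hashlib.sha256(signing_input.encode("ascii")).digest(), "big") % n


def jws_sign(payload: dict, key: dict) -> str:
    """JWS compact serialisation: base64url(header).base64url(payload).base64url(signature)."""
    h64 = b64u(json.dumps({"alg": ALG}, separators=(",", ":")).encode("utf-8"))
    p64 = b64u(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode("utf-8"))
    sig = pow(_digest_mod_n(f"{h64}.{p64}", key["n"]), key["d"], key["n"])
    return f"{h64}.{p64}.{int_to_b64u(sig)}"


def jws_verify(token: str, jwk: dict) -> dict:
    """Return the payload if the signature checks with the given public JWK, else raise ValueError."""
    h64, p64, s64 = token.split(".")              # ValueError unless exactly three segments
    header = json.loads(b64u_dec(h64))
    if header.get("alg") != ALG:                  # never let the token choose the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    n, e = b64u_to_int(jwk["n"]), b64u_to_int(jwk["e"])
    if pow(b64u_to_int(s64), e, n) != _digest_mod_n(f"{h64}.{p64}", n):
        raise ValueError("signature does not verify")
    return json.loads(b64u_dec(p64))


# Constructed test keys from well-known primes (2^31-1, 998244353, 1000000007, 1000000009).
ROOT_KEY = toy_keypair(2147483647, 998244353)
EPH_KEY = toy_keypair(1000000007, 1000000009)
ROOT_JWK = public_jwk(ROOT_KEY)                               # what a verifier pins out of band
EPH_NOT_BEFORE, EPH_EXPIRES = 131360000, 131370000            # constructed signing window
ROOT_CERT = jws_sign({"jwk": ROOT_JWK, "iss": ROOT_ISS}, ROOT_KEY)   # self-signed
EPH_CERT = jws_sign({"jwk": public_jwk(EPH_KEY), "iss": ROOT_ISS,
                     "nbf": EPH_NOT_BEFORE, "exp": EPH_EXPIRES}, ROOT_KEY)


def sign_request(receipt: dict):
    """Service side of POST /sign: (status, body), with the 409 cases the page lists."""
    if receipt.get("iss") != ROOT_ISS:
        return 409, "iss does not match the root key's issuer"
    if not all(EPH_NOT_BEFORE <= receipt.get(c, -1) <= EPH_EXPIRES for c in ("nbf", "iat")):
        return 409, "nbf/iat outside the ephemeral key's window of signing validity"
    return 200, "~".join([ROOT_CERT, EPH_CERT, jws_sign(receipt, EPH_KEY)])


def verify_chain(response: str, pinned_root_jwk: dict) -> dict:
    """Client side: walk root cert -> ephemeral cert -> receipt; return the claims or raise ValueError."""
    root_cert, eph_cert, signed_receipt = response.split("~")
    root = jws_verify(root_cert, pinned_root_jwk)     # self-signature alone proves nothing: use the pin
    if root["jwk"] != pinned_root_jwk:
        raise ValueError("root certificate carries a key other than the pinned root")
    eph = jws_verify(eph_cert, root["jwk"])            # ephemeral cert must chain to the root
    receipt = jws_verify(signed_receipt, eph["jwk"])   # receipt must chain to the ephemeral key
    if receipt["iss"] != root["iss"] or eph["iss"] != root["iss"]:
        raise ValueError("iss mismatch along the chain")
    if not all(eph["nbf"] <= receipt[c] <= eph["exp"] for c in ("nbf", "iat")):
        raise ValueError("receipt timestamps outside the ephemeral key's validity window")
    return receipt


def chain_is_valid(response: str, pinned_root_jwk: dict) -> bool:
    try:
        verify_chain(response, pinned_root_jwk)
        return True
    except (ValueError, KeyError, TypeError):
        return False
```

Two details carry over to a real implementation: the verifier pins the root JWK and checks that the self-signed root certificate carries exactly that key, and `jws_verify` fixes the expected algorithm before looking at the token, so a forged header with alg "none" or a symmetric algorithm cannot redirect verification.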