Skip to content

IP address and signing data order in token are swapped #20

Description

@reinux

In the tutorial, it's indicated that the client IP comes before the signing data (here called encoded_query_parameters):

Base64Encode(
    SHA256_RAW(token_security_key + signed_url + expiration + (optional)remote_ip + (optional)encoded_query_parameters)
)

In the docs, it's the other way around:

token = "HS256-" + Base64URL(HMAC-SHA256(security_key, signature_path + expires + signing_data + user_ip))

At least in my case, the tutorial seems to be correct.

On the other hand, at least in the C# sample, it follows the docs.

Not too sure what's going on here, but I think the docs need to be updated probably?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions