In the tutorial, it's indicated that the client IP comes before the signing data (here called encoded_query_parameters):
Base64Encode(
SHA256_RAW(token_security_key + signed_url + expiration + (optional)remote_ip + (optional)encoded_query_parameters)
)
In the docs, it's the other way around:
token = "HS256-" + Base64URL(HMAC-SHA256(security_key, signature_path + expires + signing_data + user_ip))
At least in my case, the tutorial seems to be correct.
On the other hand, at least in the C# sample, it follows the docs.
Not too sure what's going on here, but I think the docs need to be updated probably?
In the tutorial, it's indicated that the client IP comes before the signing data (here called
encoded_query_parameters):In the docs, it's the other way around:
At least in my case, the tutorial seems to be correct.
On the other hand, at least in the C# sample, it follows the docs.
Not too sure what's going on here, but I think the docs need to be updated probably?