
Signature creation during OpenID Connect authentication

flukic
Explorer

Hi all,

We are currently in the process of setting up our CDC as OP in the OIDC federated scenario.
We are implementing each of the pages and have come to the point of signature creation during the consent endpoint step.
What exactly should the server-side logic for signature creation look like?

Our server side is in Java. After going in detail through the OpenID Provider Setup documentation and the server-side SDK documentation, we would like to utilize the calcSignature() method of the SigUtils class.
However, it seems that this method is missing only in the Java SDK.

Is this an issue with the documentation, or can we use some other method (maybe getOAuth1Signature())?

Any help or information on this is highly welcomed!

Thanks in advance,
Filip

Accepted Solutions (1)

Accepted Solutions (1)

romaingorrias
Product and Topic Expert

Hi Filip,

This seems to be an issue with the doc as the calcSignature() method is present in the SDK. Remember to pass the userKey/applicationKey as a parameter to your consent endpoint (https://developers.gigya.com/display/GD/OpenID+Provider+Setup#OpenIDProviderSetup-UserAndApplication...) and use the corresponding user/application secret in the calcSignature method rather than the partner secret.

Hope this helps.

Romain.

romaingorrias
Product and Topic Expert

Note: I have raised this with our technical writers, hoping for an updated reference in the near future.

flukic
Explorer

Hi Romain, thanks for the answer!

We also got a confirmation that getOAuth1Signature can be used; it seems that it calls the calcSignature() method in the background.

Also, I definitely agree with the approach of using a dedicated application key/secret for signature creation in this case. We will create a dummy key/secret that will be used only for this purpose and the key will be passed back to the proxy page.
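
An added sketch of the server-side step discussed in this thread, not code from the Gigya SDK or from either poster: it signs a consent string with the secret that belongs to the userKey/applicationKey sent to the consent endpoint, and never loads the partner secret. It assumes the signature is a Base64-encoded HMAC-SHA1 keyed with the Base64-decoded secret; the class name, key name, secret and consent payload are constructed placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class ConsentSigner {
    // Constructed sample store: userKey/applicationKey -> Base64-encoded secret.
    // Only the dedicated signing credential lives here; the partner secret does not.
    private static final Map<String, String> SECRETS = Map.of(
        "EXAMPLE_APP_KEY",
        Base64.getEncoder().encodeToString(
            "constructed-demo-secret".getBytes(StandardCharsets.UTF_8)));

    // Assumption: signature = Base64(HMAC-SHA1(UTF-8 text, Base64-decoded secret)).
    static String sign(String text, String userKey) throws GeneralSecurityException {
        String secret = SECRETS.get(userKey);
        if (secret == null) {
            // Fail closed instead of falling back to some other (broader) secret.
            throw new IllegalArgumentException("No secret registered for userKey");
        }
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(Base64.getDecoder().decode(secret), "HmacSHA1"));
        byte[] raw = mac.doFinal(text.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(raw);
    }

    // Local self-check for tests; MessageDigest.isEqual compares in constant time.
    static boolean verify(String text, String userKey, String sig)
            throws GeneralSecurityException {
        byte[] expected = sign(text, userKey).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed consent payload; the real fields come from the OP setup docs.
        String consent = "{\"consent\":true,\"context\":\"CONSTRUCTED_CONTEXT\"}";
        String userKey = "EXAMPLE_APP_KEY";
        String sig = sign(consent, userKey);

        // The userKey travels with the signature so the verifier picks the same secret.
        System.out.println("userKey=" + userKey + " sig=" + sig);
        System.out.println("valid=" + verify(consent, userKey, sig));
        System.out.println("tampered="
            + verify(consent.replace("true", "false"), userKey, sig));
    }
}
```

Because the secret is looked up by the same key that is sent back with the signature, rotating or revoking the dedicated credential does not touch the partner secret.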
