Skip to content

Instantly share code, notes, and snippets.

/index.html

Created August 27, 2016 17:01
Show Gist options
  • Save anonymous/710401a804882c051ae734e97696dfb3 to your computer and use it in GitHub Desktop.
Save anonymous/710401a804882c051ae734e97696dfb3 to your computer and use it in GitHub Desktop.
Download ZIP
JS Bin // source http://jsbin.com/jaleyewudo
Raw
index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>JS Bin</title>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/core-min.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/hmac-sha1.js"></script>
</head>
<body>
<script id="jsbin-javascript">
// secret HMAC key
var secret = 'skKaTT2dJRXSH3sMxkZ2aWY95jfTeX';
var data = {
expires: (new Date()).getTime() + 1000*60*60*24,
userId: 'EjuKNCcMjUaxk',
randomData: 'hello'
};
// encode it as base64 so it is HTTP safe.
function createTokenData(data) {
return btoa(JSON.stringify(data));
}
var tokendata64 = createTokenData(data);
console.log('Token Data: ', data, tokendata64);
// note that I have included SHA1 HMAC creator from here:
// http://code.google.com/p/crypto-js/
function hmac_sha1(key, message) {
//console.log('Creating HMAC for message: ' + message);
return CryptoJS.HmacSHA1(message, key).toString();
}
// this takes strings
console.log('Computing HMAC...');
var signature = hmac_sha1(secret, tokendata64);
console.log('The signature: ', signature);
// token delimeter will be a tilda. It should be safe in a GET query param
var accesstoken = signature + '~' + tokendata64;
console.log('Our access token: ', accesstoken);
// We will pull the data backout into a javascript object
// and check to see if the signature is valid!
function parseToken(token, secretkey){
// split by token delimeter
var parts = token.split('~');
var signature = parts[0];
var data = parts[1];
var verifysig = hmac_sha1(secretkey, data);
var tokenInformation = {
data: JSON.parse(atob(data)),
signature: signature,
valid: false
};
if(signature === verifysig) {
tokenInformation.valid = true;
}
return tokenInformation;
}
var parsed = parseToken(accesstoken, secret);
console.log('Parsed token Data: ', parsed);
if(parsed.valid) {
console.log('Parsed token has a valid signature!');
}
</script>
<script id="jsbin-source-javascript" type="text/javascript">// secret HMAC key
var secret = 'skKaTT2dJRXSH3sMxkZ2aWY95jfTeX';
var data = {
expires: (new Date()).getTime() + 1000*60*60*24,
userId: 'EjuKNCcMjUaxk',
randomData: 'hello'
};
// encode it as base64 so it is HTTP safe.
function createTokenData(data) {
return btoa(JSON.stringify(data));
}
var tokendata64 = createTokenData(data);
console.log('Token Data: ', data, tokendata64);
// note that I have included SHA1 HMAC creator from here:
// http://code.google.com/p/crypto-js/
function hmac_sha1(key, message) {
//console.log('Creating HMAC for message: ' + message);
return CryptoJS.HmacSHA1(message, key).toString();
}
// this takes strings
console.log('Computing HMAC...');
var signature = hmac_sha1(secret, tokendata64);
console.log('The signature: ', signature);
// token delimeter will be a tilda. It should be safe in a GET query param
var accesstoken = signature + '~' + tokendata64;
console.log('Our access token: ', accesstoken);
// We will pull the data backout into a javascript object
// and check to see if the signature is valid!
function parseToken(token, secretkey){
// split by token delimeter
var parts = token.split('~');
var signature = parts[0];
var data = parts[1];
var verifysig = hmac_sha1(secretkey, data);
var tokenInformation = {
data: JSON.parse(atob(data)),
signature: signature,
valid: false
};
if(signature === verifysig) {
tokenInformation.valid = true;
}
return tokenInformation;
}
var parsed = parseToken(accesstoken, secret);
console.log('Parsed token Data: ', parsed);
if(parsed.valid) {
console.log('Parsed token has a valid signature!');
}</script></body>
</html>
Raw
jsbin.jaleyewudo.js
// secret HMAC key
var secret = 'skKaTT2dJRXSH3sMxkZ2aWY95jfTeX';
var data = {
expires: (new Date()).getTime() + 1000*60*60*24,
userId: 'EjuKNCcMjUaxk',
randomData: 'hello'
};
// encode it as base64 so it is HTTP safe.
function createTokenData(data) {
return btoa(JSON.stringify(data));
}
var tokendata64 = createTokenData(data);
console.log('Token Data: ', data, tokendata64);
// note that I have included SHA1 HMAC creator from here:
// http://code.google.com/p/crypto-js/
function hmac_sha1(key, message) {
//console.log('Creating HMAC for message: ' + message);
return CryptoJS.HmacSHA1(message, key).toString();
}
// this takes strings
console.log('Computing HMAC...');
var signature = hmac_sha1(secret, tokendata64);
console.log('The signature: ', signature);
// token delimeter will be a tilda. It should be safe in a GET query param
var accesstoken = signature + '~' + tokendata64;
console.log('Our access token: ', accesstoken);
// We will pull the data backout into a javascript object
// and check to see if the signature is valid!
function parseToken(token, secretkey){
// split by token delimeter
var parts = token.split('~');
var signature = parts[0];
var data = parts[1];
var verifysig = hmac_sha1(secretkey, data);
var tokenInformation = {
data: JSON.parse(atob(data)),
signature: signature,
valid: false
};
if(signature === verifysig) {
tokenInformation.valid = true;
}
return tokenInformation;
}
var parsed = parseToken(accesstoken, secret);
console.log('Parsed token Data: ', parsed);
if(parsed.valid) {
console.log('Parsed token has a valid signature!');
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment