v:2.0:sso [2019/05/01 02:04] (adam) compared with v:2.0:sso [2019/11/04 07:30] (foxybrett, section "The Details")
  * ''fc_auth_token'': The authentication token is a SHA-1 hash of the FoxyCart customer ID (available through the [[api|API]]), the expiration timestamp, and [[v:2.0:store_secret|the store's secret key]]. These values are separated by ''|'' (the pipe symbol). Here's what it might look like in PHP:<code php>
$auth_token = sha1($customer_id . '|' . $timestamp . '|' . $foxycart_secret_key);
</code> or in Ruby: <code ruby>Digest::SHA1.hexdigest("#{customer_id}|#{timestamp}|#{foxycart_secret_key}")</code> or JavaScript: <code javascript>const crypto = require('crypto');
const validator = require('validator'); // npm "validator" package, used for isAlphanumeric() below

// Assumption: set this to your store's domain (your custom subdomain if you use one).
// It was not defined anywhere in the original snippet.
const storeDomain = 'example.foxycart.com';

module.exports.generateSsoUri = function (customerId, timestamp, secret, sessionId) {
  if (!customerId || !timestamp || !secret) {
    return false;
  }
  // Hash exactly the fields that are sent in the clear: customer_id|timestamp|secret
  let stringToSign = `${customerId}|${timestamp}|${secret}`;
  let token = crypto.createHash('sha1').update(stringToSign).digest('hex');
  // The timestamp in the URL must be the same value that was hashed above
  let uri = `https://${storeDomain}/checkout?fc_customer_id=${customerId}&timestamp=${timestamp}&fc_auth_token=${token}`;
  // Only append the session ID if it is safe to place in a query string
  if (sessionId && validator.isAlphanumeric(sessionId)) {
    uri += `&fcsid=${sessionId}`;
  }
  return uri;
}</code>
  * It is critically important to note that the ''timestamp'' value you hash must match the ''timestamp'' value you send in the clear (below). Again, the ''timestamp'' provided //to// your endpoint must not be used when passed back to FoxyCart: that timestamp will already be in the past, so the token you build from it will be expired on arrival. Generate a fresh expiration timestamp (now plus however long you want the token to remain valid) and use that one value both in the hash and in the URL.
  * ''fcsid'': The FoxyCart session ID. This is necessary to prevent issues for users who have third-party cookies disabled and for stores that are not using a custom subdomain. Validate it before placing it in the URL, as the JavaScript example above does.