
Differences

This shows you the differences between two versions of the page.

v:2.0:sso [2019/05/01 02:04]
adam [Example 2: Automatically logging the user in on YOUR website]
v:2.0:sso [2019/11/04 07:30] (current)
foxybrett [The Details]
Line 65: Line 65:
   * ''​fc_auth_token'':​ The authentication token is a SHA-1 hash of the FoxyCart customer ID (available through the [[api|API]]),​ the expiration timestamp, and [[v:​2.0:​store_secret|the store'​s secret key]]. These values are separated by ''​|''​ (the pipe symbol). Here's what it might look like in PHP:<​code php>   * ''​fc_auth_token'':​ The authentication token is a SHA-1 hash of the FoxyCart customer ID (available through the [[api|API]]),​ the expiration timestamp, and [[v:​2.0:​store_secret|the store'​s secret key]]. These values are separated by ''​|''​ (the pipe symbol). Here's what it might look like in PHP:<​code php>
 $auth_token = sha1($customer_id . '​|'​ . $timestamp . '​|'​ . $foxycart_secret_key);​ $auth_token = sha1($customer_id . '​|'​ . $timestamp . '​|'​ . $foxycart_secret_key);​
-</​code>​ or in Ruby: <code ruby>​Digest::​SHA1.hexdigest("#​{customer_id}|#​{timestamp}|#​{foxycart_secret_key}"​)</​code>​+</​code>​ or in Ruby: <code ruby>​Digest::​SHA1.hexdigest("#​{customer_id}|#​{timestamp}|#​{foxycart_secret_key}"​)</​code>​ or JavaScript: <code javascript>​const crypto = require('​crypto'​);​ 
 +module.exports.generateSsoUri = function (customerId,​ timestamp, secret, sessionId) { 
 +  if (!customerId || !timestamp || !secret) { 
 +    return false; 
 +  } 
 +  let stringToSign = `${customerId}|${timestamp}|${secret}`;​ 
 +  let token = crypto.createHash('​sha1'​).update(""​ + stringToSign).digest('​hex'​);​ 
 +  let uri = `https://​${storeDomain}/​checkout?​fc_customer_id=${customerId}&​timestamp=${timestamp}&​fc_auth_token=${token}`;​ 
 +  if (sessionId && validator.isAlphanumeric(sessionId)) { 
 +    uri += `&​fcsid=${sessionId}`;​ 
 +  } 
 +  return uri; 
 +}</​code>​
     * It is critically important to note that the ''​timestamp''​ value you hash must match the ''​timestamp''​ value you send in the clear (below). Again, the ''​timestamp''​ provided //to// your endpoint must not be used when passed back to FoxyCart, as that timestamp will already be in the past.     * It is critically important to note that the ''​timestamp''​ value you hash must match the ''​timestamp''​ value you send in the clear (below). Again, the ''​timestamp''​ provided //to// your endpoint must not be used when passed back to FoxyCart, as that timestamp will already be in the past.
   * ''​fcsid'':​ The FoxyCart session ID. This is necessary to prevent issues with users with 3rd party cookies disabled and stores that are not using a custom subdomain.   * ''​fcsid'':​ The FoxyCart session ID. This is necessary to prevent issues with users with 3rd party cookies disabled and stores that are not using a custom subdomain.
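
Review bot: In the added JavaScript `generateSsoUri`, `storeDomain` (used when building `uri`) and `validator` (used in the `sessionId` check) are never declared, passed in or required anywhere in the snippet, so code copied from this page throws a ReferenceError on the first call. Suggest taking `storeDomain` as a parameter (or defining it above the function) and adding the `require` for whichever library provides `isAlphanumeric` next to `const crypto = require('crypto');`. Smaller points in the same block: the `"" + stringToSign` coercion is redundant because the template literal already yields a string; `customerId` and `timestamp` are interpolated into the query string without `encodeURIComponent`, while only `sessionId` is validated; and the function returns `false` on missing input but silently omits `fcsid` when `sessionId` fails the check, which deserves a comment given the note below that `fcsid` is necessary for users with 3rd party cookies disabled.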
