aboutsummaryrefslogtreecommitdiffstats
path: root/doc/html/post_8php.html
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-12-27 21:19:23 -0800
committerfriendica <info@friendica.com>2013-12-27 21:19:23 -0800
commit121ee48963f7da0aec45b94163d68f23a36c7744 (patch)
treea3589687e2716ec0abd52859f4447e9f91291177 /doc/html/post_8php.html
parentc59688553c6f681fe7a11479b69dce8c3cd308dc (diff)
downloadvolse-hubzilla-121ee48963f7da0aec45b94163d68f23a36c7744.tar.gz
volse-hubzilla-121ee48963f7da0aec45b94163d68f23a36c7744.tar.bz2
volse-hubzilla-121ee48963f7da0aec45b94163d68f23a36c7744.zip
sslify - remove the redirect fallback - as it gets called occasionally and creates mixed content exceptions. Let's see how we go without it. Also a doc update.
Diffstat (limited to 'doc/html/post_8php.html')
-rw-r--r--doc/html/post_8php.html2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/html/post_8php.html b/doc/html/post_8php.html
index 518ca703d..ca5ac2fb3 100644
--- a/doc/html/post_8php.html
+++ b/doc/html/post_8php.html
@@ -141,7 +141,7 @@ Functions</h2></td></tr>
<p>The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding to the guid and guid_sig we have associated with the requesting auth identity</p>
<p>{ "type":"auth_check", "sender":{ "guid":"kgVFf_...", "guid_sig":"PT9-TApz...", "url":"http:\/\/podunk.edu", "url_sig":"T8Bp7j..." }, "recipients":{ { "guid":"ZHSqb...", "guid_sig":"JsAAXi..." } } "callback":"\/post", "version":1, "secret":"1eaa661", "secret_sig":"eKV968b1..." }</p>
<p>auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:</p>
-<p>{ "success":1, "confirm":"q0Ysovd1u..." "service_class":(optional) }</p>
+<p>{ "success":1, "confirm":"q0Ysovd1u..." "service_class":(optional) "level":(optional) }</p>
<p>'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is a string whose contents are not defined by protocol. Example: "basic" or "gold".</p>
</div>