Download the PHP package spiderrobb/signed-request without Composer
On this page you can find all versions of the php package spiderrobb/signed-request. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package signed-request
Short Description Simple Class for encoding and decoding SignedRequests that support a number of features and hash algorithms
License MIT
Information about the package signed-request
SignedRequest (v.1.0.0)
The SignedRequest class is an easy and feature-rich way to encode and decode signed requests. Signed requests are used by companies such as Facebook, Kongregate, and Salesforce to pass data to third-party applications in a secure and reliable way.
Note: SignedRequest does not encrypt your data, it encodes your data. All data inside a SignedRequest can be read by anyone. SignedRequests are useful when you want to trust the data.
Format
A signed request is a concatenation of an HMAC signature string (HMAC SHA-256 by default), a period (.), and a base64url encoded JSON object. It looks something like this (without the newlines):
The signed request consists of a signature and a payload: SIGNATURE.PAYLOAD
Basic Use
The most basic use of a signed request is to encode the data with a secret, pass the data through HTTP POST or GET, then decode the signed request using the same secret. The simplest use is:
Features
Support for multiple hash algorithms
Supported hash algorithms include all algorithms returned by PHP's hash_algos
Example:
To get a list of supported algorithms you can use the function:
Expiration Date
The ability to specify a specific date for the signed request to expire (Unix timestamp format).
Example:
Time to Expire
The ability to specify an amount of time (in seconds) until the signed request expires.
Example:
Method Validation
As a best practice, the same secret should not be used in multiple situations. Say you want to encode an id for an object1, so you encode data like this:
Now you want to encode an id for an object2, so you encode it the same way:
If the same secret is used in both examples, then it is possible for somebody to take a signed request for object1 and use it in a different context for object2.
To protect yourself from this security hazard you can use the method option.
Example:
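The package's own example is not reproduced on this page. The following is an added PHP sketch, not the spiderrobb/signed-request API, showing the SIGNATURE.PAYLOAD format with expiry and method binding described above. The function names, the `method` and `expires` payload fields, and the base64url encoding of the signature are assumptions.

```php
<?php
// Added sketch, NOT the package's API. Names, the "method"/"expires" fields and
// the base64url signature encoding are assumptions. Requires PHP 7.1+.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $txt = strtr($txt, '-_', '+/');
    return base64_decode($txt . str_repeat('=', (4 - strlen($txt) % 4) % 4), true);
}
function sign_request(array $data, string $secret, string $method, int $ttl): string {
    $data['method']  = $method;        // bind the token to a single context
    $data['expires'] = time() + $ttl;  // Unix timestamp
    $payload = b64url_encode(json_encode($data));
    // Sign the encoded payload exactly as it will travel on the wire.
    return b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
}
// Returns the payload array, or null if the token must not be trusted.
function verify_request(string $token, string $secret, string $method): ?array {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$sig, $payload] = $parts;
    // The algorithm is fixed by the verifier, never taken from the token.
    $expected = b64url_encode(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;                        // check the MAC before parsing anything
    }
    $data = json_decode((string) b64url_decode($payload), true);
    if (!is_array($data) || ($data['method'] ?? null) !== $method) {
        return null;                        // malformed, or issued for another context
    }
    if (!is_int($data['expires'] ?? null) || $data['expires'] < time()) {
        return null;                        // missing or past expiry
    }
    return $data;
}
// Constructed demo values: the same token is checked in its own context, in a
// different context, and with a swapped payload under the original signature.
$secret = 'constructed-demo-secret';
$token  = sign_request(['id' => 42], $secret, 'object1', 300);
var_dump(verify_request($token, $secret, 'object1'));
var_dump(verify_request($token, $secret, 'object2'));
[$sig] = explode('.', $token, 2);
$forged = $sig . '.' . b64url_encode(json_encode(['id' => 43, 'method' => 'object1', 'expires' => time() + 300]));
var_dump(verify_request($forged, $secret, 'object1'));
```

Only the first call returns the payload; the other two return null because the method does not match and because the signature no longer covers the payload.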
All versions of signed-request with dependencies
ext-json Version *