If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.







1. Format


All SSP tokens implement JWT standard as defined in RFC 7519. It is therefore structured in three parts:

  • header
  • payload
  • signature

Each part is base-64 encoded and separated with a "." (dot):

base64Encode(header) + "." + base64Encode(payload) + "." + base64Encode(signature)

In order to build signature, token's header and payload are signed:

  • Signing key used corresponds to the SSP tenant's credential identified by "kid" claim from the token's header.
  • Algorithm used is HMAC-SHA256 as described in  https://tools.ietf.org/html/rfc7518 , section 5.2.

2. Sample


HEADER


PAYLOAD


VERIFY SIGNATURE

HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
) secret base64 encoded


RESULT


eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjI2Mzk1MyJ9.
eyJ0eXAiOiJEZXZBdXRoTiIsInZlciI6IkpvaG4gRG9lIiwiZXhwIjoxNTE2MjM5MDIyLCJ0ZW5hbnRJZCI6IlZPRDE5N1RDIiwiZGV2aWNlSWQiOiJOYWdyYV90ZXN0X2RldmljZV8wMTIzIn0.
YwmO0Gu6TYlYbvXMIiHkoDfm9y4jJ7Nhq2s-QqaedGc

3. Tools

To create an SSP token, please refer to:

4. Available SSP Tokens

Refer to → Related content