All SSP tokens implement JWT standard as defined in RFC 7519. It is therefore structured in three parts:
Each part is base-64 encoded and separated with a "." (dot):
base64Encode(header) + "." + base64Encode(payload) + "." + base64Encode(signature)
In order to build signature, token's header and payload are signed:
- Signing key used corresponds to the SSP tenant's credential identified by "kid" claim from the token's header.
- Algorithm used is HMAC-SHA256 as described in https://tools.ietf.org/html/rfc7518 , section 5.2.
2. Sample
HEADER
{
"alg": "HS256",
"typ": "JWT",
"kid": "263953"
}
PAYLOAD
{
"typ": "DevAuthN",
"ver": "John Doe",
"exp": 1516239022,
"tenantId": "VOD197TC",
"deviceId": "Nagra_test_device_0123"
}
VERIFY SIGNATURE
RESULT
.
eyJ0eXAiOiJEZXZBdXRoTiIsInZlciI6IkpvaG4gRG9lIiwiZXhwIjoxNTE2MjM5MDIyLCJ0ZW5hbnRJZCI6IlZPRDE5N1RDIiwiZGV2aWNlSWQiOiJOYWdyYV90ZXN0X2RldmljZV8wMTIzIn0.
YwmO0Gu6TYlYbvXMIiHkoDfm9y4jJ7Nhq2s-QqaedGc
To create an SSP token, please refer to:
4. Available SSP Tokens
Refer to → Related content