If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.

1. Format

All SSP tokens implement JWT standard as defined in RFC 7519. It is therefore structured in three parts:

header
payload
signature

Each part is base-64 encoded and separated with a "." (dot):

base64Encode(header) + "." + base64Encode(payload) + "." + base64Encode(signature)

In order to build signature, token's header and payload are signed:

Signing key used corresponds to the SSP tenant's credential identified by "kid" claim from the token's header.
Algorithm used is HMAC-SHA256 as described in https://tools.ietf.org/html/rfc7518 , section 5.2.

2. Sample

HEADER

PAYLOAD

VERIFY SIGNATURE

HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
) secret base64 encoded

RESULT

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjI2Mzk1MyJ9.
eyJ0eXAiOiJEZXZBdXRoTiIsInZlciI6IkpvaG4gRG9lIiwiZXhwIjoxNTE2MjM5MDIyLCJ0ZW5hbnRJZCI6IlZPRDE5N1RDIiwiZGV2aWNlSWQiOiJOYWdyYV90ZXN0X2RldmljZV8wMTIzIn0.
YwmO0Gu6TYlYbvXMIiHkoDfm9y4jJ7Nhq2s-QqaedGc

3. Tools

To create an SSP token, please refer to:

JWT Token Creation (SSP-specific tool)
https://jwt.io/

4. Available SSP Tokens

Refer to → Related content