1. About
This page defines the format of the Authentication Token. This token needs to be generated and used by service providers for each request performed on SSP backend services like ADM, RMG, IMS or CKM.
2.1. Schema
{"$schema":"http://json-schema.org/draft-04/schema#","title":"SSP Token Header Schema","required":["typ","alg","kid"],"properties":{"typ":{"description":"JSON Web Token type","type":"string","value":"JWT"},"alg":{"description":"Hashing algorithm used","type":"string","value":"HS256"},"kid":{"description":"Identifier of the credential used to sign the token","type":"string"}}}
2.2. Sample
{"typ":"JWT","alg":"HS256","kid":"263953"}
3. Payload
3.1. Schema
{"$schema":"http://json-schema.org/draft-04/schema#","title":"Authentication Token Payload Schema","required":["typ","ver"],"properties":{"typ":{"description":"Authentication token type","type":"string","value":"AuthN"},"ver":{"description":"Authentication token version","type":"string","value":"1.0"},"exp":{"description":"Expiration date of the token, as Epoch time in secs","type":"integer","minimum":0,"maximum":4294967295}}}
3.2. Diagram
3.3. Sample
{"typ":"AuthN","ver":"1.0","exp":1463326662}
4. Signature
In order to build signature, token's header and payload are signed:
- Signing key used corresponds to the SSP tenant's credential identified by "kid" claim from the token's header.
- Algorithm used is HMAC-SHA256 as described in https://tools.ietf.org/html/rfc7518, section 5.2.
