How to sign system user token
Environment: cloud
Before requesting a new system user ticket, you have to sign your system user token with your RSA private key. The timestamp is also updated.
The SignedSystemToken element has the following format:
- plain text system user token
- a period (.)
- a UTC date time formatted as YYYYMMddhhmm using leading zeros
- a period (.)
- a Base64-encoded, signed version of the first 3 items
For example:
System User Token.YYYYMMDDHHMM.mwhpYcNBfFqEaL0uLkCwXB99sM/Wo7DOnhjRwsmwNAd2EmBM1z+Co=
Pre-requisites
- Your application is approved and authorized.
- You have validated the claim and extracted the system user token from the id_token.
- You have your private key file (obtained after application registration).
To sign the token
1. Concatenate the first 3 items (PLAINTEXT_TOKEN.TIMESTAMP).
2. Using the partner's private certificate key, sign the concatenated items.
3. Base64 encode the signed result.
```csharp
using System;
using System.Security.Cryptography;
using System.Text;

/// <summary>
/// Sign the token according to the system user specification.
/// </summary>
/// <param name="systemUserToken">An application's unique system user key for a tenant.</param>
/// <param name="privateKey">XML-formatted RSA private key.</param>
/// <returns>Signed system user string.</returns>
public string Sign(string systemUserToken, string privateKey)
{
    // UTC timestamp with leading zeros, 24-hour clock.
    var utcNow = DateTime.UtcNow.ToString("yyyyMMddHHmm");
    // The signature covers TOKEN.TIMESTAMP (the first 3 items).
    var signThis = systemUserToken + "." + utcNow;
    using (var rsaCryptoProvider = new RSACryptoServiceProvider())
    {
        rsaCryptoProvider.FromXmlString(privateKey);
        // RSA signature over the SHA-256 hash of the UTF-8 bytes.
        var signature = rsaCryptoProvider.SignData(Encoding.UTF8.GetBytes(signThis), "SHA256");
        return signThis + "." + Convert.ToBase64String(signature);
    }
}
```
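To check locally that a signed string has the format described above, the following added example (not code from the original page) signs a constructed token with a throwaway key, then splits the result and verifies the signature over TOKEN.TIMESTAMP. The class name SignedSystemTokenCheck, the sample token and the generated key are assumptions for the demo; it targets .NET Core 3.0 or later.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class SignedSystemTokenCheck // hypothetical helper, not part of any SDK
{
    // Splits from the right, so periods inside the token itself do not matter
    // (Base64 output and the 12-digit timestamp never contain a period).
    public static bool Verify(string signedToken, RSA publicKey, out DateTime timestampUtc)
    {
        timestampUtc = default;
        int sigDot = signedToken.LastIndexOf('.');
        if (sigDot <= 0) return false;
        int tsDot = signedToken.LastIndexOf('.', sigDot - 1);
        if (tsDot <= 0) return false;

        string signedPart = signedToken.Substring(0, sigDot); // TOKEN.TIMESTAMP
        string timestamp = signedToken.Substring(tsDot + 1, sigDot - tsDot - 1);
        if (!DateTime.TryParseExact(timestamp, "yyyyMMddHHmm", CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out timestampUtc))
            return false;

        byte[] signature;
        try { signature = Convert.FromBase64String(signedToken.Substring(sigDot + 1)); }
        catch (FormatException) { return false; }

        // RSACryptoServiceProvider.SignData(..., "SHA256") produces PKCS#1 v1.5 signatures.
        return publicKey.VerifyData(Encoding.UTF8.GetBytes(signedPart), signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // throwaway key, constructed for the demo
        string signThis = "Example-Token-123." + DateTime.UtcNow.ToString("yyyyMMddHHmm");
        byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes(signThis),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        string signed = signThis + "." + Convert.ToBase64String(sig);

        // Round trip: the freshly signed string should verify and yield its timestamp.
        Console.WriteLine(Verify(signed, rsa, out var ts) + " " + ts.ToString("u"));
        // Tamper check: the same string with the token altered after signing.
        Console.WriteLine(Verify("X" + signed, rsa, out _));
    }
}
```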