This repository has been archived by the owner on May 13, 2021. It is now read-only.

Generating the req_token

Liam Jack edited this page Sep 22, 2015 · 3 revisions

The req_token is a dynamically generated authentication cookie. It takes a token and a timestamp as inputs and outputs a mix of two SHA-256 hashes. Which hash each character of the output is taken from is specified by the HASH_PATTERN global variable.

When the user is not logged in, the token used is the STATIC_TOKEN (see Global variables). If the user is logged in, the token used is the user's auth_token, which is provided by the /loq/login endpoint.

PHP Implementation

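// SECRET and HASH_PATTERN are constants, see Global variables.
function getRequestToken($token, $timestamp)
{
    $hash1 = hash("sha256", SECRET . $token);
    $hash2 = hash("sha256", $timestamp . SECRET);

    $return = "";

    // For each position, a "1" in the pattern selects the character from
    // $hash2 and a "0" selects the character from $hash1.
    for ($i = 0; $i < strlen(HASH_PATTERN); $i++)
    {
        if (substr(HASH_PATTERN, $i, 1) === "1") {
            $return .= $hash2[$i];
        } else {
            $return .= $hash1[$i];
        }
    }

    return $return;
}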

Python implementation

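import hashlib

# SECRET and HASH_PATTERN are the global variables (see Global variables).
def request_token(token, timestamp):
    first = hashlib.sha256((SECRET + token).encode()).hexdigest()
    second = hashlib.sha256((str(timestamp) + SECRET).encode()).hexdigest()
    # "0" in the pattern takes the character from the first hash, "1" from the second.
    bits = [first[i] if c == "0" else second[i] for i, c in enumerate(HASH_PATTERN)]
    return "".join(bits)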

Checking your implementation works

Run the function with token = STATIC_TOKEN and timestamp = 1440465889080. You should have the following output:

930f125c0c2127086e5124e6f4ae9ba4a0e24d8919210a8bc9b43f14d6c51ebb
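
The same construction from the verifying side, as an added example that is not part of the original wiki or the project's code: it recomputes the req_token, compares it in constant time, and rejects stale timestamps. The SECRET and HASH_PATTERN values here are constructed placeholders (so the output will not match the value above), and `mix`, `verify_request_token` and the `MAX_SKEW_MS` freshness window are assumptions.

```python
import hashlib
import hmac

# Constructed placeholders; the real values are on the Global variables page.
SECRET = "example-secret"
HASH_PATTERN = "0011" * 16       # 64 characters, one per hex digit of a SHA-256 hash
MAX_SKEW_MS = 5 * 60 * 1000      # assumed freshness window, not taken from the page


def mix(first, second, pattern):
    """Take first[i] where pattern[i] is "0" and second[i] where it is "1"."""
    if not (len(pattern) == len(first) == len(second)):
        raise ValueError("pattern and both hashes must have the same length")
    if set(pattern) - {"0", "1"}:
        raise ValueError("pattern may only contain '0' and '1'")
    return "".join(s if c == "1" else f for f, s, c in zip(first, second, pattern))


def request_token(token, timestamp, secret=SECRET, pattern=HASH_PATTERN):
    """Same computation as the implementations above, with the pattern validated."""
    first = hashlib.sha256((secret + token).encode()).hexdigest()
    second = hashlib.sha256((str(timestamp) + secret).encode()).hexdigest()
    return mix(first, second, pattern)


def verify_request_token(candidate, token, timestamp, now_ms):
    """Return True only for a fresh timestamp and a matching req_token."""
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return False  # stale or future-dated request
    expected = request_token(token, ts)
    # Constant-time comparison, so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), str(candidate).encode())


if __name__ == "__main__":
    ts = 1440465889080  # timestamp from the check above
    tok = request_token("constructed-auth-token", ts)
    print(tok, verify_request_token(tok, "constructed-auth-token", ts, ts + 1000))
```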
