You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

PLEASE READ - Webmaster Support Forum
This forum will be retired in the near future. Please direct all queries to our dedicated GitHub support page https://github.com/vatsimnetwork/developer-info/discussions 
Here you can find documentation on our services and we are continuing to migrate pertinent information into the Wiki pages https://github.com/vatsimnetwork/developer-info/wiki

RSA/HMAC Credentials


Kieran Hardern

A small note that I haven't mentioned, though you may have noticed if you look through the example code/OAuth spec.

If you're using HMAC, your signature consists of your encrypted secret string(s). On the other hand, if you're using RSA, the signature does not include your secret (the keypair itself is essentially the verification of identity). With this in mind, please ensure you do 2 things when setting up a remote system:

First, try to stick to one authentication method for each system (after testing). When you decide which one you are using, make sure the other one is turned off on the live system (this can be done through the 'My SSO Sites' > 'Authentication Methods' settings).

Second, I'd recommend that you don't leave your config file (or equivalent) with both the secret key and the RSA private key in. Pick the one you need for the method you are using and then store the other one somewhere else (preferably not on the server).

Both of the above are me being OTT with security; you can get away with not following either of them and it's no big deal... but it is good practice!

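How a shared secret enters an HMAC signature and why the verifying side must hold the same value, as an added example that is not part of the original post or of VATSIM's example code. It assumes the OAuth 1.0 HMAC-SHA1 method of RFC 5849; the URL, consumer key and secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def base_string(method: str, url: str, params: dict) -> str:
    """Signature base string (3.4.1). Assumes an already normalized URL, no repeated names."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 (3.4.2): the secrets form the MAC key; only the digest is transmitted."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_hmac_sha1(signature, method, url, params, consumer_secret, token_secret=""):
    """Verifier side: recompute with the same shared secret, compare in constant time."""
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


# Constructed sample request: the endpoint, consumer key and secrets below are
# placeholders for illustration, not real VATSIM SSO values.
SAMPLE_URL = "https://sso.example.invalid/api/login_token"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "EXAMPLE_SITE",
    "oauth_nonce": "c0ffee1234",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    sig = sign_hmac_sha1("POST", SAMPLE_URL, SAMPLE_PARAMS, "example-consumer-secret")
    print("signature:", sig)
    print("same secret:", verify_hmac_sha1(sig, "POST", SAMPLE_URL, SAMPLE_PARAMS, "example-consumer-secret"))
    print("other secret:", verify_hmac_sha1(sig, "POST", SAMPLE_URL, SAMPLE_PARAMS, "wrong"))
```

Anyone who can read the secret from a config file can produce signatures that pass `verify_hmac_sha1`, which is the reason to keep only the credential for the method in use on the server.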