Class SigUtils

This class is a utility class with static methods for calculating and validating cryptographic signatures.

When using signatures with a Gigya user key or Gigya application key, you must use the accounts.exchangeUIDSignature REST method to exchange the received signature, because default Gigya signature validation always uses the Partner secret, not a user or application key secret.

Methods

Method Description
static bool ValidateUserSignature(string UID, string timestamp, string secret, string signature)

Use this method to verify the authenticity of a socialize.getUserInfo or accounts.getAccountInfo API method response, to make sure that it in fact originates from Gigya, and to prevent fraud.

Pass the required fields as the corresponding parameters of this method, along with your Partner's secret key. Your secret key (provided in BASE64 encoding) is located at the bottom of the Dashboard section on Gigya's website.

If you do not have access to the Partner secret, you can use exchangeUIDSignature to generate a new UIDSignature that can be verified with a userKey or application secret instead.

The return value of the method indicates if the signature is valid (thus, originating from Gigya) or not.

Properties (standard):

  • UID : User's UID
  • timestamp : signatureTimestamp
  • secret : Partner secret
  • signature : UIDSignature

Properties (when using accounts.exchangeUIDSignature):

  • UID : User's UID
  • timestamp : signatureTimestamp returned from exchangeUIDSignature
  • secret : The userKey or application secret used with exchangeUIDSignature
  • signature : The UIDSignature returned from exchangeUIDSignature
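
A check of the kind ValidateUserSignature performs can be written with the .NET crypto classes, which also leaves room for a timestamp freshness test that the method's parameters do not expose. This is an added example, not SDK or Gigya code: it assumes the base string is timestamp + "_" + UID signed with HMAC-SHA1 under the BASE64-decoded secret, and the UidSignatureCheck class, the 180-second window and all sample values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UidSignatureCheck // hypothetical helper, not part of the SDK
{
    // Assumed scheme: Base64(HMAC-SHA1(key = Base64-decoded secret,
    //                                  msg = timestamp + "_" + UID)).
    public static string Sign(string uid, string timestamp, string base64Secret)
    {
        using var hmac = new HMACSHA1(Convert.FromBase64String(base64Secret));
        byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(timestamp + "_" + uid));
        return Convert.ToBase64String(mac);
    }

    // nowUnix is passed in so the freshness rule can be exercised deterministically.
    public static bool Validate(string uid, string timestamp, string base64Secret,
                                string signature, long nowUnix, int maxAgeSeconds = 180)
    {
        // Reject unparsable, stale or far-future timestamps; without this a
        // captured UID/timestamp/signature triple would verify indefinitely.
        if (!long.TryParse(timestamp, out long ts)) return false;
        if (ts > nowUnix + maxAgeSeconds || ts < nowUnix - maxAgeSeconds) return false;

        byte[] expected, supplied;
        try
        {
            expected = Convert.FromBase64String(Sign(uid, timestamp, base64Secret));
            supplied = Convert.FromBase64String(signature);
        }
        catch (FormatException) { return false; } // malformed Base64 input

        // Constant-time comparison; also returns false on length mismatch.
        return CryptographicOperations.FixedTimeEquals(expected, supplied);
    }

    static void Main()
    {
        // Constructed sample values, not real credentials.
        string secret = Convert.ToBase64String(Encoding.ASCII.GetBytes("constructed-demo-secret"));
        const string uid = "constructed-uid-123", ts = "1700000000";
        const long now = 1700000000;
        string sig = Sign(uid, ts, secret);

        Console.WriteLine(Validate(uid, ts, secret, sig, now));          // genuine response
        Console.WriteLine(Validate("other-uid", ts, secret, sig, now));  // UID swapped
        Console.WriteLine(Validate(uid, ts, secret, sig, now + 3600));   // replayed an hour later
    }
}
```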

static bool ValidateFriendSignature(string UID, string timestamp, string friendUID, string secret, string signature)

Use this method to verify the authenticity of a socialize.getFriendsInfo API method response, to make sure that it in fact originates from Gigya, and to prevent fraud. The socialize.getFriendsInfo API method response data include the following fields:

  • UID
  • signatureTimestamp
  • friendshipSignature (a cryptographic signature).

Pass these fields as the corresponding parameters of this method, along with your partner's "Secret Key". Your secret key (provided in BASE64 encoding) is located at the bottom of the Dashboard section on Gigya's website.

The return value of the method indicates if the signature is valid (thus, originating from Gigya) or not.

static string CalcSignature(string algorithmName, string baseString, string key)

This is a utility method for generating a cryptographic signature. Parameters:
  • algorithmName - the algorithm for calculating the signature. The options are: "HmacSHA256" or "HmacSHA1".
  • baseString - the base string for signing.
  • key - the key for signing. Use your partner's "Secret Key" as the signing key.

static string GetDynamicSessionSignature(string glt_cookie, int timeoutInSeconds, string secret)

This is a utility method for generating the cookie value of a dynamic session expiration cookie. Use this method as part of implementing dynamic control over login session expiration, in conjunction with assigning the value '-1' to the sessionExpiration parameter of the client side login methods (i.e. showLoginUI / login). Learn more in the Control Session Expiration guide. This method's parameters:
  • glt_cookie - the login token received from Gigya after successful Login. Gigya stores the token in a cookie named: "glt_" +
  • timeoutInSeconds - how many seconds until session expiration. For example, if you would like the session to expire in 5 minutes set this parameter to 300.
  • secret - your Gigya "Secret Key", provided in BASE64 encoding at the bottom of the Dashboard page on Gigya's website.