When designing and building resource endpoints, it is critical to verify the signature linked in the request headers to ensure that the request is coming from SSOfy.

Most web applications handle this in the middleware.

use SSOfy\SignatureGenerator;
use SSOfy\SignatureVerifier;
...
$generator = new SignatureGenerator();
$validator = new SignatureValidator($generator);

/** 
 * @var boolean $ok 
 */
$ok = $validator->verifyBase64Signature(
    $url, // current route url started with http:// or https://
    $params, // array combination of form and query parameters
    $secret, // your application secret
    $signature // signature in headers
);
ssofy Knowledge Base
At our core, we believe that staying up-to-date with the latest trends and advancements in Authentication and related areas is essential. That's why we take great pride in keeping you informed with the latest insights, updates, and news in this rapidly evolving landscape.


Do you need support?
SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.