edgio / ectoken Goto Github PK
View Code? Open in Web Editor NEWToken Generator for Edgio Token-Based Authentication from Edgio
Token Generator for Edgio Token-Based Authentication from Edgio
Implementation of ectoken in PHP applications is hindered in environments that don't allow the installation of custom PHP extensions.
I am developing a native PHP implementation that will have similar platform requirements as the existing php-ectoken implementation (PHP 5.4+ or PHP 7.x+, with or without openssl or mbstring modules) but which will not require a PHP extension.
A PR will be forthcoming. (from my other Github account. Whoops!)
The encryption logic is not idempotent. We found that even if the encrypted value is manipulated, we get the same decrypted value from the SDK and also on the Azure CDN Profile Management portal. I used your class https://github.com/VerizonDigital/ectoken/blob/master/c%23-ectoken/ecencryptstdlib/ECTokenGenerator.cs to do some analysis and found following -
Key
si9sK_jvSALTrlXIVMI4CgIGuu1MJeHXH0B3HxuRP48N5ZYwSa
Phrase
&ec_expire=1000000000
Encrypted Value
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2Q
Mutation of Encrypted Values giving same phrase back on decryption
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2R
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2S
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2T
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2U
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2V
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2W
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2X
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2Y
MvBF32ldv2tDtT1QpggWPqENfoxZYmz_ijChwt6O1xenQfoTenOiTuzvVuiUJT2J2Z
Request to add https://www.rust-lang.org/ support for token generation/decryption and lib for integrating in end applications.
The .net core version works nicely, execept it doenst generate EXACTLY the same tokens as the online tool does when using Azure CDN. I wonder of it might be to do with the order of the parameters that get encoded?
Request to add golang support for token generation/decryption.
In the C# implementation, EncryptV3
expects an optional parameter called allowedUrls
.
But the call to the overloaded EncryptV3
doesn't pass this parameter along, making it not possible to restrict urls if using this signature.
I made a pull request that adds this missing parameter declaration: #15
Is there any intent in making a NuGet package with the c# lib available?
The binaries are not available in the Releases Tab. Please include the binaries and/or the instructions to build.
Is a NodeJS version planned?
I'd like to develop Elixir support to encrypt / decrypt tokens for Azure CDN / Verizon Premium.
I saw other languages, but it's not clear what is need to correct generate and verify V3 tokens.
I'v created primary and backup keys with openssl rand, and it's working with Azure Portal (https://cdn.windowsazure.com/http/token/default.aspx).
Is there a documentation or general ideia to help us convert to elixir community?
Depends on BouncyCastle.Crypto which does not exist in dotnet core.
Last publish was 6 years ago, and I wonder if it is still safe to use it.
In the root folder there is a Apache License defined, but in the source code of the token generation we found this part in the source files:
"Use of source and binary forms, with or without modification is permitted provided that there is written consent by EdgeCast Networks, Inc. Redistribution in source and binary forms is not permitted."
This basically requires every Azure CDN customer who wants to use the token authentication to get a written consent by EdgeCast Networks. Also the second part forces each customer to adapt the code to use it in production instead of making use of an open source contribution to ease the process f.e. by using an extended library provided as nugget package from open source contributors.
Could you please clarify on that?
Thnx
Andreas
We are planning on integrating EdgeCast into our backend system which is written in NodeJS. Would you be open to a Pull Request with a NodeJS implementation of ectoken?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.