_ _ _ ___(_)_ __ ___ _ __ | | ___ _ __ ___(_) __ _ _ __ _ __ / __| | '_ ` _ \| '_ \| |/ _ \| '_ \ / __| |/ _` | '_ \| '__| \__ \ | | | | | | |_) | | (_) | | | | \__ \ | (_| | | | | | |___/_|_| |_| |_| .__/|_|\___/|_| |_| |___/_|\__, |_| |_|_| |_| |___/
Signr creates an signed-request (also known as access token) by a given data array in combination with a secret key which is only known by the transmitter and receiver of the payload. By default the signed-request is secured against fraud through a hash_hmac signature. Additionally, if the data array holds a key named secret
all data within that key will be encrypted. To ensure that the signed-request can be send via URL it will be encoded via base64.
use Simplon\Signr\Signr;
$secretKeySignedRequest = '123456';
$data = [
'secret' => [
'user' => [
'gameUid' => 'xxx',
'email' => 'xxx',
'gameServerId' => 'xxx',
],
'order' => [
'checkoutUid' => 'xxx',
'inGameCurrency' => 'xxx',
'realCurrency' => 'xxx',
'currencyCode' => 'xxx',
'provider' => 'xxx',
'created' => 'xxx',
],
'partnerToken' => 'xxx',
],
];
// create signed request
$signedRequest = (new Signr())
->setData($data)
->setSecretKey($secretKeySignedRequest)
->create()
->getSignedRequest();
VaR6EKGui6clTkLSEVps-fzKgEy9BzEYvK-sWi59kTM.eyJzZWNyZXQiOiJrQ2RXRE50M280MUJvNkZ
cL1drS3lwVUtyeGJUMnB0SVB6eG4zdVBFV3FkMFlsYTc4UlpRWTVCZm55MFp6d3R1bHVzaU5pZDJHK1
BWRDN5VExVVFZwUEw5SHZCYkFTeXd4eGpBemxpajlvTXFOUHIrUFlwOVNVOTdhV1pHSGR5QnduTTBTd
1BYZW1FTXBhVGt6XC9iV3pHTlB6d3JaQ3cxdElHWUtpRDhIUGlOdks3QUorWDdmcTE1cHBrY3lUUHVJ
MUNQd283TXdMbGdPVDdkWWNnVVZCcWlqQjBQWWRZU3NwOElQYzRhYmQxejI5NlBmWmNZTDBBejlhOWo
2WE1CcnoiLCJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM2MTc3ODYxMn0
use Simplon\Signr\Signr;
$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';
// read data should result the following array...
$data = (new Signr())
->setSignedRequest($signedRequest)
->setSecretKey($secretKeySignedRequest)
->read()
->getData();
/*
$data = [
'secret' => [
'user' => [
'gameUid' => 'xxx',
'email' => 'xxx',
'gameServerId' => 'xxx',
],
'order' => [
'checkoutUid' => 'xxx',
'inGameCurrency' => 'xxx',
'realCurrency' => 'xxx',
'currencyCode' => 'xxx',
'provider' => 'xxx',
'created' => 'xxx',
],
'partnerToken' => 'xxx',
],
];
*/
Each signed request holds an issued time stamp which allows to test if a signed-request is expired. By default a signed-request never expires. Following an example how to test against a certain time stamp:
use Simplon\Signr\Signr;
$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';
// lets hold the instance
$signr = new Signr()
->setSignedRequest($signedRequest)
->setSecretKey($secretKeySignedRequest)
->read();
// is expired?
$isExpired = $signr
->setExpireTimeMinutes(120) // time to run against the expiration
->isExpired();
if($isExpired === TRUE)
{
echo "SignedRequest is expired!";
}
- Refactored class pattern (builder pattern)
- Implemented
isExpired
to test against expiration