createAuthenticatedSessionToken: The signature of the request does not match the request parameters

    Question

  • I'm creating an app using the SODA Architecture. 

    I could successfully create an app and have the client authorize it. 

    Result of newApplicationCreationInfo:

    <?xml version="1.0" encoding="UTF-8"?>
    <response>
       <status>
          <code>0</code>
       </status>
       <wc:info xmlns:wc="urn:com.microsoft.wc.methods.response.NewApplicationCreationInfo">
          <app-id>4417587e-46d1-49ee-a0fa-50dbfdcf932c</app-id>
          <shared-secret>gBksYDAqcuAUXK+zyvfFW9F0sy8nchwnplJ6K7aKmAM=</shared-secret>
          <app-token>AiAAANDl....A5b9fxVIlXEloouci6jGhY/A==</app-token>
       </wc:info>
    </response>

    I'm using the app-token to build the redirect url, and I get to authorize the new app. 

    Then, using the new child app id and the shared-secret, I built the 

    CreateAuthenticatedSessionToken:

    <?xml version="1.0" encoding="UTF-8"?>
    <wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request">
       <header>
          <method>CreateAuthenticatedSessionToken</method>
          <method-version>2</method-version>
          <app-id>4417587e-46d1-49ee-a0fa-50dbfdcf932c</app-id>
          <language>en</language>
          <country>US</country>
          <msg-time>2013-01-01T00:00:00Z</msg-time>
          <msg-ttl>1800</msg-ttl>
          <version>2.0.0.0</version>
       </header>
       <info>
          <auth-info>
             <app-id>4417587e-46d1-49ee-a0fa-50dbfdcf932c</app-id>
             <credential>
                <appserver2>
                   <hmacSig algName="HMACSHA256">PcW4f9krD1O43O4JGBGEkqDlpatFIUUQY9JejHji0XA=</hmacSig>
                   <content>
                      <app-id>4417587e-46d1-49ee-a0fa-50dbfdcf932c</app-id>
                      <hmac>HMACSHA256</hmac>
                      <signing-time>2013-12-17T14:19:58.623Z</signing-time>
                   </content>
                </appserver2>
             </credential>
          </auth-info>
       </info>
    </wc-request:request>

    The hmacSig value is the encryption of "<content>....</content>" using the shared-secret value as the private key:

    hmacSig = Encodingutil.base64Encode(Crypto.generateMac('hmacSHA256', Blob.valueOf(body), Blob.valueOf(sharedSecret)))


    This returns an error code 11: The signature of the request does not match the request parameters.

    I'm using the following endpoint: https://platform.healthvault-ppe.com/platform/wildcat.ashx
    Also, the redirection URL I received after authorizing the app contains the following: 
    https://<MY_URL>/?gws_rd=cr&ei=h5ewUuKLJa7IsASc4YHIAw
    I'm not using these parameters, if that helps.

    Any hint will be greatly appreciated.

    UPDATE: I already checked the HMAC encoding using a third-party service and it returned the same as my app.


    • Edited by Fernando Rod Tuesday, December 17, 2013 7:34 PM Clarification
    Tuesday, December 17, 2013 7:31 PM

Answers

  • I figured this out (God bless Pair Programming):

    I was signing incorrectly: 

    On the newApplicationCreationInfo:

    My Shared Secret is : gBksYDAqcuAUXK+zyvfFW9F0sy8nchwnplJ6K7aKmAM=

    But BEFORE hashing the "<content>...</content>" I need to decode my secret, that is:

    hmacsig = calculateHMAC256(content, sharedSecret.decodeBase64())

     
    • Marked as answer by Fernando Rod Tuesday, December 31, 2013 1:46 PM
    Tuesday, December 31, 2013 1:45 PM
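
The key-handling difference described in the answer, as an added example that is not part of the original thread and is written in Python rather than the Apex used in the question. The function names, the sample secret and the sample content are constructed for illustration; the content string is signed exactly as given, byte for byte.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values; not the secret or content from the post.
SAMPLE_SECRET_B64 = base64.b64encode(bytes(range(32))).decode("ascii")
SAMPLE_CONTENT = (
    "<content><app-id>00000000-0000-0000-0000-000000000000</app-id>"
    "<hmac>HMACSHA256</hmac>"
    "<signing-time>2013-12-17T14:19:58.623Z</signing-time></content>"
)


def decode_secret(secret_b64: str) -> bytes:
    """Return the raw key bytes; reject anything that is not strict base64."""
    try:
        return base64.b64decode(secret_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("shared secret is not valid base64") from exc


def _mac_b64(key: bytes, content: str) -> str:
    digest = hmac.new(key, content.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_with_text_key(content: str, secret_b64: str) -> str:
    """The failing variant: the base64 text itself is used as the key."""
    return _mac_b64(secret_b64.encode("ascii"), content)


def sign_with_decoded_key(content: str, secret_b64: str) -> str:
    """The fix from the answer: base64-decode the secret, then key the HMAC."""
    return _mac_b64(decode_secret(secret_b64), content)


def verify(content: str, sig_b64: str, secret_b64: str) -> bool:
    """Receiver-side check with a constant-time comparison."""
    expected = sign_with_decoded_key(content, secret_b64)
    return hmac.compare_digest(expected, sig_b64)


if __name__ == "__main__":
    bad = sign_with_text_key(SAMPLE_CONTENT, SAMPLE_SECRET_B64)
    good = sign_with_decoded_key(SAMPLE_CONTENT, SAMPLE_SECRET_B64)
    print("text key   :", bad, verify(SAMPLE_CONTENT, bad, SAMPLE_SECRET_B64))
    print("decoded key:", good, verify(SAMPLE_CONTENT, good, SAMPLE_SECRET_B64))
```

Both variants produce a well-formed base64 signature, which is why an independent HMAC tool fed the same text key agrees with the failing value. In Apex the decoded key is obtained with `EncodingUtil.base64Decode(sharedSecret)` in place of `Blob.valueOf(sharedSecret)`.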