Forum Feedback Validation process example mistakes

Problem with the website? Confused about something? Or maybe you just have something you'd like to suggest. This is the place to do it.

Validation process example mistakes

Postby gamovation » October 2nd, 2014, 10:22 am

Troubles with checking example from this page: https://gamesnet.yahoo.net/documentation/yahoo/canvas

Provided example data:
Code: Select all
usertoken: eyJ2ZXJzaW9uIjoiVjFfSE1BQ1GIQTI1NiIsInVzZXJJZCI6IllKT0Q3V1hSUEhPQlhWTFJFTU40R1JGNlgzNCIsImFwaVRva2VuIjoiclFVQUFGI5ZBQUFCQUFBQWJRVUFBTDhQQUFBQUFBQUFBQUFBQUFHMC9lc0F0TEFLVDNYT1VpRFJaMTFEZUFBa2NJWnU3RHc9IiwiZXhwaXJlcyI6MTM4OTc2OTY4MH0.pkJlmsVCpYmmEqWmYcmIRqRI7lvJuyyR21GLPHr6k


Code: Select all
jsonEncoded part:
eyJ2ZXJzaW9uIjoiVjFfSE1BQ1GIQTI1NiIsInVzZXJJZCI6IllKT0Q3V1hSUEhPQlhWTFJFTU40R1JGNlgzNCIsImFwaVRva2VuIjoiclFVQUFGI5ZBQUFCQUFBQWJRVUFBTDhQQUFBQUFBQUFBQUFBQUFHMC9lc0F0TEFLVDNYT1VpRFJaMTFEZUFBa2NJWnU3RHc9IiwiZXhwaXJlcyI6MTM4OTc2OTY4MH0


When I tried to parse it on php using base64_url_decode or using this web service - http://www.base64decode.org/ I got same result:
Code: Select all
{
    "version":"V1_HMACQA256",
    "userId":"YJOD7WXRPHOBXVLREMN4GRF6X34",
    "apiToken":"rQUAAF#AAABAAAAbQUAAL8PAAAAAAAAAAAAAAG0/esAtLAKT3XOUiDRZ11DeAAkcIZu7Dw=",
    "expires":1389769680
}


but on your example provided next data:
Code: Select all
{
    "version":"V1_HMACSHA256",
    "userId":"YIOD7WXHPHO3XVLREMN4GRW6X34",
    "apiToken":"rQUAAFcFAAABAAbQUAAL8PAAAAAAG0/esAtLAJT3XOUiRZ11DeAkcu7Dw=",
    "expires":1389769680
}


All fields have difference. Same situation with auth key.

Also, on your guide there is some variable duplication, that could cause miss understandings:
Code: Select all
var parts = getQueryString("usertoken").split(".")
var jsonBytes = base64urlDecode(parts[0])
var userInfo = parseJSON(jsonBytes)
var auth = base64urlDecode(parts[1])

if (userinfo.expires > getCurrentUnixTime()) {
    if (userinfo.version == "V1_HMACSHA256") {
        var auth = hmacSha256(getUtf8Bytes(gameSecret), jsonBytes)
        if (jsonBytes == auth) {
            // User is valid. Continue.
        } else {
            error("invalid usertoken auth")
        }
    } else {
        error("unknown usertoken version: " + userinfo.version)
    }
} else {
    error("the token has expired");
}


auth variable have two definitions. Could you fix it, or at least, provide some information of Validating process on Yahoo Games using PhP language.

Thanks!
gamovation
 
Posts: 1
Joined: October 1st, 2014, 4:39 pm

Return to Feedback