Multipass SSO using OpenSSL
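// $api_key and $subdomain are assumed to be set to your account's values before this point
// Create the encryption key from the first 16 bytes of the SHA1 digest of your api key and subdomain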
$salted = $api_key . $subdomain;
$digest = hash('sha1', $salted, true);
$key = substr($digest, 0, 16);
// Generate a random 16 byte IV
$iv = random_bytes(16);
// Build json data
$user_data = array(
    'uid' => '123abc',
    'customer_email' => '',
    'customer_name' => 'Test User',
    'expires' => date("c", strtotime("+5 minutes"))
);
$data = json_encode($user_data);
// Encrypt data using AES-128-CBC
$multipass = openssl_encrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
// Prepend the IV to the encrypted data
// This will be extracted and used for decryption
$multipass = $iv . $multipass;
// Base64 encode the encrypted data
$multipass = base64_encode($multipass);
// Build an HMAC-SHA1 signature using the encoded string and your api key
$signature = hash_hmac("sha1", $multipass, $api_key, true);
// Base64 encode the signature
$signature = base64_encode($signature);
// Finally, URL encode the multipass and signature
$multipass = urlencode($multipass);
$signature = urlencode($signature);
print "multipass: " . $multipass . "\n";
print "signature: " . $signature . "\n";
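
The receiving side of the token format built above, as an added example that is not part of the original gist or any vendor's code: it checks the HMAC before decrypting, splits off the prepended IV, and enforces the `expires` field. The function name `verify_multipass`, its parameters, and the sample credentials are assumptions made for illustration.

```php
<?php
// Added example: validate a token produced by the snippet above.
// verify_multipass() is a hypothetical helper name, not a library function.
function verify_multipass(string $multipass, string $signature, string $api_key, string $subdomain): array
{
    // 1. Authenticate first: recompute HMAC-SHA1 over the base64 token, compare in constant time.
    $expected = hash_hmac('sha1', $multipass, $api_key, true);
    $given = base64_decode($signature, true);
    if ($given === false || !hash_equals($expected, $given)) {
        throw new RuntimeException('bad signature');
    }
    // 2. Decode and split: 16-byte IV followed by at least one 16-byte cipher block.
    $raw = base64_decode($multipass, true);
    if ($raw === false || strlen($raw) < 32 || strlen($raw) % 16 !== 0) {
        throw new RuntimeException('malformed token');
    }
    $iv = substr($raw, 0, 16);
    $ciphertext = substr($raw, 16);
    // 3. Derive the same key as the sender and decrypt.
    $key = substr(hash('sha1', $api_key . $subdomain, true), 0, 16);
    $json = openssl_decrypt($ciphertext, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
    $user = $json === false ? null : json_decode($json, true);
    if (!is_array($user) || empty($user['expires'])) {
        throw new RuntimeException('undecryptable or incomplete payload');
    }
    // 4. Reject tokens past their expiry so a captured URL cannot be replayed later.
    $expires = strtotime($user['expires']);
    if ($expires === false || $expires < time()) {
        throw new RuntimeException('token expired');
    }
    return $user;
}

// Constructed round trip with placeholder credentials (not real values).
[$api_key, $subdomain] = ['example-api-key', 'example'];
$key = substr(hash('sha1', $api_key . $subdomain, true), 0, 16);
$iv = random_bytes(16);
$data = json_encode(['uid' => '123abc', 'expires' => date('c', strtotime('+5 minutes'))]);
$token = base64_encode($iv . openssl_encrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv));
$sig = base64_encode(hash_hmac('sha1', $token, $api_key, true));
print_r(verify_multipass($token, $sig, $api_key, $subdomain));
// A token altered in transit fails the HMAC check and is never decrypted.
$bad = substr_replace($token, $token[0] === 'A' ? 'B' : 'A', 0, 1);
try {
    verify_multipass($bad, $sig, $api_key, $subdomain);
} catch (RuntimeException $e) {
    print "rejected: " . $e->getMessage() . "\n";
}
```

The function expects the base64 strings after URL decoding, which PHP already applies to values read from `$_GET`.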