A desk.com multipass example written in perl.

multipass.pl

#!/usr/bin/perl -w

use Digest::SHA qw( sha1 hmac_sha1 );
use Crypt::Random qw( makerandom_octet );
use DateTime;
use JSON;
use Crypt::CBC;
use Digest::HMAC;
use URL::Encode qw( url_encode_utf8 );
use MIME::Base64::Perl;

my $site_key  = 'mysite';
my $api_key   = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

print "== Generating ==\n";
print "    Create the encryption key using a 16 byte SHA1 digest of your api key and subdomain\n";

my $salted = $api_key . $site_key;
my $key    = substr( sha1( $salted ), 0, 16 );

print "    Generate a random 16 byte IV\n";

my $iv = substr( sha1( makerandom_octet( Length => 16, Strength => 1 ) ), 0, 16 );

print "    Build json data\n";

my $expires   = DateTime->now()->add( minutes => 5 );

my %user_data = (
  'uid' => '19238333',
  'expires' => "$expires",
  'customer_email' => 'john@example.com',
  'customer_name' => 'John'
);

my $data = encode_json( \%user_data );

print "    Data: $data\n";
print "    Encrypt data using AES128-cbc\n";

my $cipher = Crypt::CBC->new(
  -key         => $key,
  -iv          => $iv,
  -cipher      => 'Crypt::Rijndael',
  -header      => 'none',
  -literal_key => 1,
  -keysize     => 16
);

my $encrypted = $cipher->encrypt( $data );

print "    Prepend the IV to the encrypted data\n";

$encrypted = $iv . $encrypted;

print "    Base64 encode the encrypted data\n";

my $multipass = encode_base64( $encrypted );

print "    Build an HMAC-SHA1 signature using the encoded string and your api key\n";

my $digest    = hmac_sha1( $multipass, $api_key );
my $signature = encode_base64( $digest );

print "    Finally, URL encode the multipass and signature\n";

my $multipass_string = url_encode_utf8( $multipass );
my $signature_string = url_encode_utf8( $signature );

print "== Finished ==\n";
print "URL: https://$site_key.desk.com/customer/authentication/multipass/callback?multipass=$multipass_string&signature=$signature_string\n"