Page tree
Skip to end of metadata
Go to start of metadata


✔ To connect to any of the Application Interfaces provided by LORIOT, you need to prove you are a legitimate user of the network application.

➜ The public network is built for developers with ease of use in mind, so we don't require any complicated (but more secure) authentication mechanisms.

➜ The only mechanism used is a security token (per-application), and you will need to provide this token before any other interactions with the interface.

➜ Note that anyone with knowledge of the token can access your data, so please keep the tokens as protected any of your passwords.


If you require a different secure authentication mechanism, please contact us at info@loriot.io.


Contents



Token format


✔ With the latest update of our software, the format of the tokens has been changed.

 The token has been extended and now includes information about the application ID and the server origin, so that 3rd party platforms can use single value copy-paste to access our API.


✔ You can continue using any legacy tokens you have already in place, we provide full backward compatibility.


Token parse scheme:


Token parsing code example:

 static parseEncodedToken(encoded: string, appId: number|null): LRT.IAppToken {

                // Backward compatibility
                const tokenHex = Buffer.from(encoded, 'base64').toString('hex');
                if (appId && tokenHex.length === 32) {
                    return {
                        appId,
                        serverId: '',
                        token: tokenHex,
                    };
                } else if (encoded.length < 34) {
                    return LRTApp.parseOldToken(encoded);
                }

                const buf = Buffer.from(LRTApp.revertCleanBase64(encoded), 'base64');
                appId = parseInt(buf.slice(0, 4).toString('hex'), 16);
                const serverIdLength = buf.slice(4, 8).readUInt32BE(0);
                const serverId = buf.slice(8, 8 + serverIdLength).toString('utf8');
                const token = buf.slice(8 + serverIdLength).toString('hex');
                return {
                    appId,
                    serverId,
                    token,
                  };
                }
                private static parseOldToken(encoded: string): LRT.IAppToken {
                    const appIdBuf = Buffer.from(encoded.slice(0, 6), 'base64');
                    const appId = parseInt(appIdBuf.toString('hex'), 16);
                    const serverId = '';
                    const token = LRTApp.cleanBase64(encoded.slice(6));
                    return {
                        appId,
                        serverId,
                        token,
                    };
                }
                static revertCleanBase64(val: string): string {
                    return val
                    .replace(/\-/g, '+')
                    .replace(/\_/g, '\/');
                }
                static cleanBase64(val: string): string {
                    return val
                    .replace(/\+/g, '-')
                    .replace(/\//g, '_');
                }





  • No labels