Backend token authentication
Difficulty level: Difficult
Objective
The backend configured on this service requires an authentication token in the URL. If it's missing or invalid, the backend will return a 403 (Forbidden) response. We don't expect requests from end users to include the token, so it needs to be added at the edge.

Use https://cspuzzle-synthetic-backend.global.ssl.fastly.net as the backend, and the path /p1/source-1. This endpoint expects to receive the token in a query string parameter named token, in a GET request. For the token to be validated and accepted, the following steps should be performed at the edge:
- Let expiryTime be a Unix timestamp of a date in the future.
- Let stringToSign be a string concatenation of the following, without whitespace or delimiters:
  - The request URL path (e.g. "/foo"; a URL path does not include any query parameters or the hostname)
  - The value of expiryTime (e.g. "1649328979")
  - The User-Agent header (e.g. "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0")
  - The client IP address (e.g. "233.252.73.192")
- Let signature be a base64 representation of an HMAC-SHA256 digest of stringToSign, generated using the secret vuVsBZ6JcHn8xtUP.
- Let tokenValue be a string concatenation of expiryTime and signature, separated by an underscore character.
- Let beReq be a new HTTP request which has the same method, path and body as the client request.
- Set the query parameters of beReq to a single entry, with the key "token" set to the value of tokenValue.
- Set the headers of beReq to:
  - User-Agent: copy from client request
  - X-Client-IP: the IP address of the client
- Send beReq to the origin.
For example, this could be a sample request URL:

https://cspuzzle-synthetic-backend.global.ssl.fastly.net/p1/source-1?token=2550557975_skZrIHPTKF2tVbIauoIoibQ+9nBFE+38/e4eJKD8ZUw=

If the backend is able to recognize and validate the token, it will respond with a 200 (OK) status and a JSON payload.