digest.time_hmac_sha256

STRINGdigest.time_hmac_sha256STRINGkeyINTEGERintervalINTEGERoffset

Available in all subroutines.

Returns a time-based, one-time password. The password is a SHA-256 hash based upon the current time. The key parameter is a Base64-encoded key. The interval parameter specifies the lifetime of the token and must be non-negative. The offset parameter provides a means for mitigating clock skew.

Base64 decoding behaves as if by a call to digest.base64_decode. See that function for handling invalid characters and the behavior of padding. Unlike digest.base64_decode, the decoded output is used directly (rather than constructing a VCL STRING type), and so binary content is permitted, including possible NUL bytes.

Example

set req.http.X-OTP-CurBucket = digest.time_hmac_sha256(
digest.base64("secret"), 60, 0);
set req.http.X-OTP-PrevBucket = digest.time_hmac_sha256(
digest.base64("secret"), 60, -1);
set req.http.X-OTP-NextBucket = digest.time_hmac_sha256(
digest.base64("secret"), 60, 1);