The Glance Login Key is a time-limited token issued by a partner or customer, used to authenticate a user to various Glance services.
The Login Key is passed on https: or glance: URLs in one of the following ways:
Appended to the username—for example, fred.glance.net (a Glance Address) after a tilde:
Passed along with Partner IDand Partner User ID parameters, typically:
A Glance user is uniquely identified by either a username or a Partner ID/Partner User ID pair.
Features of the Login Key
- Uses current best practice SHA-2 family of hashes.
- Expiration period selectable by the customer.
- Includes algorithm versioning to allow future changes with backward compatibility.
Login Key Format
The Login Key format is identified by a leading dollar sign. (This distinguishes it from the previous format login key.)
Login Key Components:
[ver] Must be 1 for this version of the key algorithm.
[expirationtime] The Unix (POSIX) epoch time. The number of seconds decimal since 00:00:00 UTC Jan 1 1970.
There is also a maximum time in the future for a valid expiration time (currently set to one day) to protect against possible accidentally generated keys with extended expiration times.
HMAC_SHA256: takes (secret key, message) arguments and generates a hash-based message authentication code.
NOTE: SHA-256is the 256 bit variant of SHA-2.The second (message) argument is the string concatenation of the four values. The HMAC must then be encoded as Base64URL (RFC 4648) without any trailing padding ("=") characters.
The resulting Login Key is 57 characters long.