26 Mar 2012

Signature generation for QuickBlox

A signature is a keyed hash (HMAC) of the parameters you send when requesting a session token. It lets us be sure that the data reached us without being changed by a third party (a man in the middle). In short, it protects against man-in-the-middle attacks.


To calculate the signature manually, follow these steps:

1. Sort the following (parameter, value) pairs alphabetically by parameter name

app_id=98
auth_key=8h49Tag9EpDNFX6
nonce=596
timestamp=1332758214

and concatenate them into one string, separated by ampersands (like a query string in a URL)

app_id=98&auth_key=8h49Tag9EpDNFX6&nonce=596&timestamp=1332758214

2. Then compute the HMAC-SHA1 of this string, using the auth secret (from the app settings) as the key




You can test the manual calculation with the online service http://hash.online-convert.com/sha1-generator

Our result is

efdb1cdec94cedf7c821b33f4edd933d21ef8763

Of course, you shouldn't do this manually each time. You can write the function yourself or use the QuickBlox SDK to simplify routine operations.

If you work with QB from JavaScript, this library for calculating HMAC-SHA will be useful: http://code.google.com/p/crypto-js/#SHA-1

A function that calculates the signature can look like this:

// QuickBlox application settings.
var QB = {
 appId : 'xxx',
 ownerId : 'xxxx',
 authKey : 'xxxxxxxxxxxxxxx',
 authSecret : 'xxxxxxxxxxxxxxx'
}

function getSignature() {
 var nonce = Math.floor(Math.random() * 1000); // Random integer in the range [0, 999]
 var timestamp = Math.round((new Date()).getTime() / 1000); // Unix timestamp in seconds (http://en.wikipedia.org/wiki/Unix_time)

 // Build the message with the parameters sorted in alphabetical order.
 var message = 'app_id=' + QB.appId + '&auth_key=' + QB.authKey + '&nonce=' + nonce + '&timestamp=' + timestamp;
 var secret = QB.authSecret;
 // Compute the HMAC-SHA1 of the message, keyed with the auth secret from the QuickBlox application settings.
 var hmac = Crypto.HMAC(Crypto.SHA1, message, secret);
 
 var signatureObj = {
  nonce   : nonce,
  timestamp  : timestamp,
  signature  : hmac
 };
 
 return signatureObj; 
}
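
The same two steps in Node.js with the built-in crypto module, together with the recomputation a receiver would perform to detect changed parameters. This is an added example, not code from the original post or the QuickBlox SDK; the function names, the receiver-side check and the secret value are assumptions, so the output differs from the result shown above.

```javascript
const crypto = require('crypto');

// Step 1: sort the (parameter, value) pairs by name and join them
// as name=value pairs separated by '&'.
function canonicalString(params) {
  return Object.keys(params)
    .sort()
    .map((name) => `${name}=${params[name]}`)
    .join('&');
}

// Step 2: HMAC-SHA1 of the canonical string, keyed with the auth secret,
// returned as 40 lowercase hex characters.
function sign(params, authSecret) {
  return crypto
    .createHmac('sha1', authSecret)
    .update(canonicalString(params), 'utf8')
    .digest('hex');
}

// Receiving side (assumed): recompute the signature from the received
// parameters and compare in constant time.
function verify(params, signature, authSecret) {
  const expected = Buffer.from(sign(params, authSecret), 'hex');
  const given = Buffer.from(String(signature), 'hex');
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Parameter values from the post, deliberately passed out of order.
const SAMPLE_PARAMS = {
  timestamp: 1332758214,
  nonce: 596,
  auth_key: '8h49Tag9EpDNFX6',
  app_id: 98,
};
// Constructed placeholder: the real auth secret is not shown in the post.
const SAMPLE_SECRET = 'EXAMPLE_AUTH_SECRET';

const signature = sign(SAMPLE_PARAMS, SAMPLE_SECRET);
console.log(canonicalString(SAMPLE_PARAMS));
console.log(signature, verify(SAMPLE_PARAMS, signature, SAMPLE_SECRET));
// A parameter changed in transit no longer matches the signature.
console.log(verify({ ...SAMPLE_PARAMS, app_id: 99 }, signature, SAMPLE_SECRET));
```
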

Really quick start with BAAS QuickBlox

Hi all! Today I want to tell you how to start using BAAS in five minutes.

We will use BAAS QuickBlox, which lets us work with the "User" entity through its Users module.

Authentication and authorization, Users module in QuickBlox

Go to https://admin.quickblox.com/apps and log in using the test account

login: injoittest
password: injoittest

Go to the app settings page to see the application's settings


We will use them in the QuickBlox REST API.

Step 1 - Authentication and authorization

See the request in HURL (an online REST request explorer):

http://hurl.quickblox.com/hurls/1709be9cdd82f19d107164eea48a8a73e8bcceae/e952986cbe2f06b479995cd14eb2b53847ce7ae2

Send a POST request to https://admin.quickblox.com/auth with the following parameters

app_id = 98
auth_key = 8h49Tag9EpDNFX6
nonce = 596 (the nonce is just a random value)
timestamp = 1332758214 (Unix timestamp)
signature = efdb1cdec94cedf7c821b33f4edd933d21ef8763 (the signature is calculated using a specific algorithm)

We need the token from the response to use in future requests


Step 2 - Add a user

To add a new user to our system, send a POST request to https://users.quickblox.com/users with the following parameters

Step 3 - Get all users in the system

Send a GET request to https://users.quickblox.com/users with the token as a parameter.

23 Mar 2012

All about PAAS, BAAS, SAAS

Hi all, here I'm going to post entries about PAAS, BAAS, SAAS services that make developer's life simpler.