How to sign system user token

In this article

Before requesting a new system user ticket, you have to sign your system user token with your RSA private key. The timestamp is also updated.

The SignedSystemToken element has the following format:

plain text system user token
a period (.)
a UTC date time formatted as YYYYMMddhhmm using leading zeros
a period (.)
a Base64 encoded, signed version of the first 3 items

For example:

System User Token.YYYYMMDDHHMM.mwhpYcNBfFqEaL0uLkCwXB99sM/Wo7DOnhjRwsmwNAd2EmBM1z+Co=

Pre-requisites:

Your application is approved and authenticated
You have validated the claim and extracted the system user token from the SuperIdToken
You have your private key file (converted from RSA to PEM)

You can get the SuperOffice public key from SuperOfficeOnlineCertificates.zip in the online-sdk-downloads.

To sign the token:

Concatenate the first 3 items: PLAINTEXT_TOKEN.TIMESTAMP
Using the partner's private certificate key, sign the concatenated items
Base64 encode the signed result

Signing with JavaScript

const utcTimestamp = moment.utc().format('YYYYMMDDHHmm');
const data = `YOUR_SYSTEM_USER_TOKEN.${utcTimestamp}`;

let sign = crypto.createSign('SHA256');
sign.update(data);
sign.end();

sign = sign.sign(rsaPrivateKey, 'base64');
const signedToken = `${data}.${sign}`;

Signing with PHP

$systemUserTokenAndTime = Application Name-pzqc70604i.201511111342
$signature = signVariable($systemUserTokenAndTime)
$signedSystemToken = $systemUserTokenAndTime + "." + base64_encode($signature)