SharinPix Token Verification

This article explains how to verify if a SharinPix Token is valid using an Apex method.

For more information on SharinPix tokens, refer to this article: Working with SharinPix Tokens

validateToken Method

The validateToken(String token) method, available in the sharinpix.Client class, assesses the token's validity. It returns true if the token is valid and false otherwise. This method ensures that only valid and authentic tokens are used to access and upload SharinPix images. The code snippet below demonstrates how to use the validateToken method to validate a SharinPix Token.

validateToken Method Example

global Boolean validateToken(String token)

Boolean isValid = sharinpix.Client.getInstance().validateToken(token);
System.debug('Token Valid: ' + isValid);

verifyToken Method

The verifyToken method, used inside the validateToken method, examines several criteria to ensure the validity of the provided token. It returns nothing; instead, it throws an exception when the verification process fails.

verifyToken Method Example

global void verifyToken(String token)

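String errorMessage = '';
Boolean isValid = false;

try {
    // verifyToken returns nothing; it throws if the token fails verification.
    sharinpix.Client.getInstance().verifyToken(token);
    isValid = true;
} catch (Exception error) {
    // Keep the reason so it can be logged or reported.
    errorMessage = error.getMessage();
}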

Criteria for SharinPix Token Verification

The verifyToken method's validation process includes:

  • Checking the expiration time (exp) to ensure it's later than the current timestamp, avoiding acceptance of expired tokens.
  • Verifying the token issued time (iat) by ensuring that it is earlier than the current timestamp, thus preventing acceptance of tokens issued in the future.
  • Checking that the token is not null and does not have an invalid format.
  • Most importantly, the token header is decoded and an error is thrown if the signature is invalid. This ensures that the token has been created with your credentials only and has not been tampered with.
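
The four criteria above, written out as an added illustration (not SharinPix's implementation and not code from the managed package). It assumes the token is JWT-shaped and signed with HMAC-SHA256 using a secret passed in as `secret`, with `exp` and `iat` in epoch seconds; the class, method and exception names are hypothetical. In real code, call verifyToken rather than re-implementing the checks.

```apex
// Added illustration, not SharinPix package code. Assumes a JWT-shaped token
// (base64url header.payload.signature), HS256, and exp/iat in epoch seconds.
public class TokenCriteriaSketch {
    public class TokenCheckException extends Exception {}

    // Apex ships standard base64 only: map the URL-safe alphabet and re-pad.
    private static Blob b64url(String part) {
        String s = part.replace('-', '+').replace('_', '/');
        while (Math.mod(s.length(), 4) != 0) { s += '='; }
        return EncodingUtil.base64Decode(s);
    }

    // Compare hex digests without stopping at the first differing character.
    private static Boolean sameHex(String a, String b) {
        if (a.length() != b.length()) { return false; }
        Integer diff = 0;
        for (Integer i = 0; i < a.length(); i++) { diff = diff | (a.charAt(i) ^ b.charAt(i)); }
        return diff == 0;
    }
    // A missing or non-integer claim fails closed with an exception.
    private static Long claim(Map<String, Object> payload, String name) {
        if (payload.get(name) == null) { throw new TokenCheckException('Missing claim: ' + name); }
        return Long.valueOf(String.valueOf(payload.get(name)));
    }
    // Throws on the first failed criterion; a normal return means every check passed.
    public static void check(String token, String secret) {
        if (String.isBlank(token)) { throw new TokenCheckException('Token is null or empty'); }
        List<String> parts = token.split('\\.');
        if (parts.size() != 3) { throw new TokenCheckException('Invalid token format'); }

        // Signature before claims: the payload is untrusted until the MAC matches.
        Map<String, Object> header =
            (Map<String, Object>) JSON.deserializeUntyped(b64url(parts[0]).toString());
        // equals() is case-sensitive; Apex == on Strings is not.
        if (!'HS256'.equals(String.valueOf(header.get('alg')))) {
            throw new TokenCheckException('Unexpected signing algorithm');
        }
        Blob expected = Crypto.generateMac('hmacSHA256',
            Blob.valueOf(parts[0] + '.' + parts[1]), Blob.valueOf(secret));
        if (!sameHex(EncodingUtil.convertToHex(expected), EncodingUtil.convertToHex(b64url(parts[2])))) {
            throw new TokenCheckException('Invalid signature');
        }

        Map<String, Object> payload =
            (Map<String, Object>) JSON.deserializeUntyped(b64url(parts[1]).toString());
        Long nowSeconds = Datetime.now().getTime() / 1000;
        if (claim(payload, 'iat') > nowSeconds) { throw new TokenCheckException('Token issued in the future'); }
        if (claim(payload, 'exp') <= nowSeconds) { throw new TokenCheckException('Token expired'); }
    }
}
```

Every failure path, including malformed base64 or JSON, ends in an exception, so a caller that treats "no exception" as valid never accepts a token by default.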

Demo

Validate a SharinPix Token for a Visualforce Site

The sample code below demonstrates the use of the validateToken method for token validation within a Visualforce site. This method is important for ensuring the security and integrity of the authentication process on the Visualforce site.

Visualforce Page

<apex:page controller="SiteParameterValidateToken">
    <apex:outputPanel rendered="{! canAccessSite }">
        <!-- Component rendered only after Apex validates token. -->
        <p>Valid Token : {! canAccessSite }</p>
    </apex:outputPanel>
    <apex:outputPanel rendered="{! !canAccessSite }">
        <!-- Error message? Redirect? -->
        <p>Valid Token : {! canAccessSite }</p>
    </apex:outputPanel>
</apex:page>

Apex Class

public class SiteParameterValidateToken {
    public Boolean canAccessSite { get; set; }
    
    public SiteParameterValidateToken() {
        String token = ApexPages.currentPage().getParameters().get('token');
        canAccessSite = false;
        try {
            canAccessSite = sharinpix.Client.getInstance().validateToken(token); // the new method on SharinPix
        } catch (Exception e) {
            canAccessSite = false;
        }
    }
}
