Verify signature against new payload #30

@ChristianPavilonis

Description

Need to adjust to work with these changes: IABTechLab/trusted-server#220

Verification Steps

  1. Reconstruct the payload using values from the request:

    payload = f"{kid}:{request_host}:{request_scheme}:{request.id}:{ts}"

  2. Verify the signature using the public key associated with kid

  3. Validate the timestamp for replay protection:

    • Check ts is within acceptable window (e.g., not older than 5 minutes)
    • Optionally check it's not in the future

  4. Validate domain binding (optional but recommended):

    • Verify request_host matches the expected publisher domain
    • Verify request_scheme is https (if required)
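
The four steps above combined into one verifier, as an added example that is not code from this issue or from trusted-server. Assumptions: the request dict field names, `ts` in Unix seconds, the 30-second future-skew allowance, and an HMAC stand-in in place of the real public-key signature check so the block runs offline.

```python
import hashlib
import hmac
import time

MAX_AGE = 300         # step 3: reject anything older than 5 minutes
MAX_FUTURE_SKEW = 30  # assumed tolerance for clock drift, in seconds

def build_payload(kid, host, scheme, request_id, ts):
    # Step 1: same field order as the issue's f-string.
    return f"{kid}:{host}:{scheme}:{request_id}:{ts}".encode()

def demo_sign(key, message):
    # Stand-in signer so the example runs offline (HMAC, not public-key).
    return hmac.new(key, message, hashlib.sha256).digest()

def demo_verify_sig(key, message, signature):
    # Stand-in for step 2; swap in the real public-key verification here.
    return hmac.compare_digest(demo_sign(key, message), signature)

def verify_request(req, keys, expected_host, verify_sig, now=None):
    """Return (ok, reason). host/scheme must be what the verifier observed."""
    now = time.time() if now is None else now
    key = keys.get(req["kid"])
    if key is None:
        return False, "unknown kid"
    payload = build_payload(req["kid"], req["host"], req["scheme"],
                            req["id"], req["ts"])
    if not verify_sig(key, payload, req["sig"]):      # step 2
        return False, "bad signature"
    age = now - req["ts"]                             # step 3
    if age > MAX_AGE:
        return False, "stale timestamp"
    if age < -MAX_FUTURE_SKEW:
        return False, "timestamp in the future"
    if req["host"].lower() != expected_host.lower():  # step 4
        return False, "host mismatch"
    if req["scheme"] != "https":
        return False, "scheme is not https"
    return True, "ok"

def make_sample(key, now, **overrides):
    # Constructed sample request; values are illustrative only.
    req = {"kid": "key-1", "host": "publisher.example", "scheme": "https",
           "id": "req-123", "ts": int(now)}
    req.update(overrides)
    req["sig"] = demo_sign(key, build_payload(
        req["kid"], req["host"], req["scheme"], req["id"], req["ts"]))
    return req
```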
