How to validate auth_string coming from OFSC channel on middleware?
Summary:
Need procedure to validate auth_string value from OFSC on middleware for outbound messages from OFSC
Content (please ensure you mask any confidential information):
1. How to validate auth_string on middleware side for outbound messages from OFSC?
We are planning to use OFSC Outbound APIs to send certain alert messages via OFSC message engine. Our middleware (MW) does not want to use HTTP Basic Access Authentication and would like to know how the MW can process the auth_string coming from the Soap Message from OFSC. I understand that auth_string = SHA256(now + SHA256(CLIENT_SECRET+SHA256(CLIENT_ID))) and have the following sample user section. On MW side, we can define the corresponding client_id and client_secret from OFSC. MW also knows the now from the message. How MW could validate the auth_string based on now, client_id and client_secret known to MW?