From c8c7bd8359736cc5f2b1225b5d2b701db16719cc Mon Sep 17 00:00:00 2001 From: Jean Paul Galea Date: Fri, 9 Nov 2018 17:46:27 +0100 Subject: [PATCH] Use https in documentation --- doc/Getting_Started_Writing_Clients.adoc | 2 +- doc/Validation_Protocol_V2.0.adoc | 15 +++++++-------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/doc/Getting_Started_Writing_Clients.adoc b/doc/Getting_Started_Writing_Clients.adoc index 2cdd287..edfc3ea 100644 --- a/doc/Getting_Started_Writing_Clients.adoc +++ b/doc/Getting_Started_Writing_Clients.adoc @@ -60,7 +60,7 @@ make the request unique. The request is part of the HTTP GET URL, encoded using normal parameter/value pairs. For example (broken into two lines for legibility): - http://api2.yubico.com/wsapi/2.0/verify?id=1&otp=cccccccbcjdifc\ + https://api2.yubico.com/wsapi/2.0/verify?id=1&otp=cccccccbcjdifc\ trndncchkftchjlnbhvhtugdljibej&nonce=aef3a7835277a28da831005c2ae3b919e2076a62 The servers that Yubico provides are: diff --git a/doc/Validation_Protocol_V2.0.adoc b/doc/Validation_Protocol_V2.0.adoc index 68bac4f..71df598 100644 --- a/doc/Validation_Protocol_V2.0.adoc +++ b/doc/Validation_Protocol_V2.0.adoc @@ -2,14 +2,13 @@ === Introduction -All requests are HTTP GET requests. As such, all parameters must be +All requests are HTTPS GET requests. As such, all parameters must be properly URL encoded. In particular, some base64 characters (such as "+") in the value fields needs to be escaped. Each response sent by the server is signed. To verify that the -response has not been tampered with, clients either verify the HMAC -signature or use HTTPS connections (and verify the server -certificate). +response has not been tampered with, clients must use HTTPS connections +and optionally verify the HMAC signature. === Generating signatures @@ -59,9 +58,9 @@ the response is the same as the "otp" supplied in the request. === Request -Construct an HTTP GET call to +Construct an HTTPS GET call to - http://api.yubico.com/wsapi/2.0/verify + https://api.yubico.com/wsapi/2.0/verify with the following parameters (note that this request need not be signed): @@ -107,12 +106,12 @@ with the following parameters (note that this request need not be signed): An example request: - http://api.yubico.com/wsapi/2.0/verify?otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&id=87&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad + https://api.yubico.com/wsapi/2.0/verify?otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&id=87&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad And if you require additional information on timestamp and session counters: - http://api.yubico.com/wsapi/2.0/verify?id=87&otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad×tamp=1 + https://api.yubico.com/wsapi/2.0/verify?id=87&otp=vvvvvvcucrlcietctckflvnncdgckubflugerlnr&timeout=8&sl=50&nonce=askjdnkajsndjkasndkjsnad×tamp=1 === Response