digest.time_hmac_sha256
Available inall subroutines.
Returns a time-based, one-time password. The password is a SHA-256 hash based
upon the current time. The key
parameter is a Base64-encoded key. The
interval
parameter specifies the lifetime of the token and must be
non-negative. The offset
parameter provides a means for mitigating clock skew.
Base64 decoding behaves as if by a call to
digest.base64_decode
.
See that function for handling invalid characters and the behavior of padding.
Unlike digest.base64_decode
, the decoded output is used directly
(rather than constructing a VCL STRING type), and so binary content
is permitted, including possible NUL bytes.
Example
set req.http.X-OTP-CurBucket = digest.time_hmac_sha256( digest.base64("secret"), 60, 0);set req.http.X-OTP-PrevBucket = digest.time_hmac_sha256( digest.base64("secret"), 60, -1);set req.http.X-OTP-NextBucket = digest.time_hmac_sha256( digest.base64("secret"), 60, 1);