When a signature application connected to the Cleverbase Signing API offers signing solutions to multiple customers, it is expected to provide a unique identifier of that customer for accounting purposes. In this case, it is possible to pass an account_token parameter in the oauth2/authorize request.
This parameter contains a secure token designed to authenticate the authorization request based on an Account ID that SHALL be uniquely assigned by the signature application to the signing user or to the user’s application account.
Content
account_token = base64UrlEncode(<JWT_Header>) + "." +
                base64UrlEncode(<JWT_Payload>) + "." +
                base64UrlEncode(<JWT_Signature>)
JWT_Header
<JWT_Header> = {
    "typ": "JWT",    # REQUIRED
    "alg": "HS256"   # REQUIRED
}
JWT_Payload
<JWT_Payload> = {
    "sub": "<Account_ID>",                    # Account ID, REQUIRED
    "iat": <Unix_Epoch_Time>,                 # Issued At Time, REQUIRED
    "jti": "<Token_Unique_Identifier>",       # JWT ID, REQUIRED
    "iss": "<Signature_Application_Name>",    # Issuer, OPTIONAL
    "azp": "<OAuth2_client_id>"               # Authorized presenter, REQUIRED
}
JWT_Signature
<JWT_Signature> = HMACSHA256(
    base64UrlEncode(<JWT_Header>) + "." +
    base64UrlEncode(<JWT_Payload>),
    SHA256(<OAuth2_client_secret>)
)
For more information, see CSC v1, chapter 8.3.1
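The following Python sketch builds an account_token as laid out above and shows the checks a receiver would apply to it. It is an added example, not Cleverbase or CSC code. Assumptions: the HMAC key is the raw 32-byte SHA-256 digest of the UTF-8 client secret, the 300-second freshness window and 30-second clock skew are illustrative values, and the function names and seen_jti replay set are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, client_secret: str) -> bytes:
    # Assumption: the HMAC key is the raw 32-byte SHA-256 digest of the UTF-8 secret.
    key = hashlib.sha256(client_secret.encode("utf-8")).digest()
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def build_account_token(account_id, client_id, client_secret, issuer=None, now=None):
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"sub": account_id,
               "iat": int(time.time() if now is None else now),
               "jti": secrets.token_urlsafe(16),   # fresh identifier per request
               "azp": client_id}
    if issuer is not None:
        payload["iss"] = issuer                    # OPTIONAL claim
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_sign(signing_input, client_secret))

def verify_account_token(token, client_id, client_secret, seen_jti, max_age=300, now=None):
    """Receiver-side checks; raises ValueError on failure, returns the claims."""
    h64, p64, s64 = token.split(".")               # ValueError unless three parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm instead of letting the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256" or header.get("typ") != "JWT":
        raise ValueError("unexpected header")
    # Constant-time comparison of the received and recomputed MAC.
    if not hmac.compare_digest(b64url_decode(s64), _sign(h64 + "." + p64, client_secret)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if any(k not in claims for k in ("sub", "iat", "jti", "azp")):
        raise ValueError("missing required claim")
    if claims["azp"] != client_id:
        raise ValueError("token issued for another client")
    now = time.time() if now is None else now
    if not (now - max_age <= claims["iat"] <= now + 30):
        raise ValueError("stale or future-dated token")
    if claims["jti"] in seen_jti:
        raise ValueError("replayed jti")
    seen_jti.add(claims["jti"])
    return claims
```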