Step 1. Encode your customer information using JSON
{
  "email": "bob@your-client-email@email.example",
  "created_at": "2021-04-11T15:16:23-04:00"
}
Step 2. Encrypt the JSON data using AES via Multipass.php
To generate a valid multi-pass login token, you need the secret. The secret is used to derive two cryptographic keys: one for encryption and one for signing. The keys are derived by hashing the secret with SHA-256; the first 128 bits of the digest are used as the encryption key and the last 128 bits as the signature key.
The encryption provides confidentiality: it makes sure that no one can read the customer data. The cipher is AES (128-bit key length, CBC mode of operation, random initialisation vector).
Step 3. Base64 encode the binary data
The multi-pass login token now consists of the 128 bit initialisation vector, a variable length ciphertext, and a 256 bit signature (in this order). This data is encoded using base64 (URL-safe variant, RFC 4648).
Step 4. Redirect your customer to your Project Editor
https://dashboard-domain.example/multipass/{PUBLIC_ID}?token={MULTIPASS_TOKEN}
Implementation example
<?php
use App\Multipass;

require('Multipass.php');

const PUBLIC_PARTNER_ID = 1111111;
const SECRET_KEY = "XXXXXXX"; // placeholder for your multipass secret

// Your customer email from the session
function getCustomerEmail()
{
    return 'customer11@test.dev';
}

// Build the multipass token for the current customer
function getToken()
{
    return (new Multipass(SECRET_KEY))->encode([
        // DateTime::ATOM produces the format shown in Step 1 (offset written as -04:00);
        // DateTime::ISO8601 omits the colon in the offset
        'created_at' => (new \DateTime())->format(\DateTime::ATOM),
        'email' => getCustomerEmail(),
        'subdomain' => 'xxx' // will become xxx.preview-domain.example
    ]);
}

$redirect_url = 'https://dashboard-domain.example/multipass/' . PUBLIC_PARTNER_ID . '?token=' . getToken();
header("Location: $redirect_url");
exit;
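
The token construction from Steps 2 and 3, together with the verification a receiving side would perform, as an added example (not the project's Multipass.php). It assumes the signature is HMAC-SHA256 over the IV and ciphertext and a hypothetical 15-minute token lifetime; the function names and sample values are illustrative.

```php
<?php
// Added example, not the project's Multipass.php. Assumptions: HMAC-SHA256 over
// IV || ciphertext, PKCS#7 padding (OpenSSL default), 15-minute token lifetime.

function deriveKeys(string $secret): array
{
    $digest = hash('sha256', $secret, true);   // 32 raw bytes
    return [substr($digest, 0, 16), substr($digest, 16, 16)]; // [encryption key, signature key]
}

function encodeToken(string $secret, array $customer): string
{
    [$encKey, $sigKey] = deriveKeys($secret);
    $iv  = random_bytes(16);                   // fresh random IV for every token
    $ct  = openssl_encrypt(json_encode($customer), 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $sig = hash_hmac('sha256', $iv . $ct, $sigKey, true);      // 256-bit signature
    return strtr(base64_encode($iv . $ct . $sig), '+/', '-_'); // URL-safe base64
}

function decodeToken(string $secret, string $token, int $maxAge = 900): ?array
{
    [$encKey, $sigKey] = deriveKeys($secret);
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < 16 + 16 + 32) {
        return null;                           // malformed, or shorter than IV + one block + signature
    }
    $body = substr($raw, 0, -32);              // IV || ciphertext
    // Check the signature in constant time before any decryption happens.
    if (!hash_equals(hash_hmac('sha256', $body, $sigKey, true), substr($raw, -32))) {
        return null;
    }
    $json = openssl_decrypt(substr($body, 16), 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 0, 16));
    $data = $json === false ? null : json_decode($json, true);
    $created = is_array($data) ? strtotime($data['created_at'] ?? '') : false;
    if ($created === false || abs(time() - $created) > $maxAge) {
        return null;                           // missing, unparsable or stale created_at
    }
    return $data;
}

// Constructed sample values, for illustration only.
$secret = 'constructed-demo-secret';
$token  = encodeToken($secret, ['email' => 'customer11@test.dev', 'created_at' => date(DATE_ATOM)]);
var_dump(decodeToken($secret, $token)['email']);   // round trip of a fresh token

$tampered = $token;
$tampered[30] = $tampered[30] === 'A' ? 'B' : 'A'; // change one character inside the ciphertext
var_dump(decodeToken($secret, $tampered));         // rejected by the signature check
```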