{
    header = {alg: 'RS256'}
    claims = {aud: 'https://token.services.mozilla.com', exp: now + (60 * 5)}

    body = base64(header) + '.' + base64(claims)
    signature = token + '.' + rsa_encrypt_on_private_key(base64(token))

    assertion = certificate + '~' + signature
}

request( 'GET', 'https://token.services.mozilla.com/1.0/sync/1.5')

BrowserID <assertion>

{"status": "error", "errors": [{"location": "body", "name": "", "description": "Resource is not available"}]}

I try to get token from token server to access sync storage 1.5. This how i build my browserid assertion: <pre><nowiki>{ header = {alg: 'RS256'} claims = {aud: 'https://token.services.mozilla.com', exp: now + (60 * 5)} body = base64(header) + '.' + base64(claims) signature = token + '.' + rsa_encrypt_on_private_key(base64(token)) assertion = certificate + '~' + signature }</nowiki></pre> Certificate has my public key. I get it from auth server. After that i try to send request <pre><nowiki>request( 'GET', 'https://token.services.mozilla.com/1.0/sync/1.5') </nowiki></pre> with Authorization header: <pre><nowiki>BrowserID <assertion></nowiki></pre> I think server recognize me, because it response me not with Unauthorized header, but i get error: <pre><nowiki>{"status": "error", "errors": [{"location": "body", "name": "", "description": "Resource is not available"}]}</nowiki></pre> How can i resolve this problem? Please, i spent so much time on it. Need help. At least tell me is my assertion generation algorithm correct and if not can somebode show how it should be?