diff options
author | Yigit Sever | 2021-04-19 18:23:22 +0300 |
---|---|---|
committer | Yigit Sever | 2021-04-19 18:23:22 +0300 |
commit | 59ea3bd25b1f113168333eccdc9ffc4acd98cfe6 (patch) | |
tree | 4d76d4423f7d47755890aa98cbf0751978ef9180 /content/JWT.md | |
download | gradecoin-site-59ea3bd25b1f113168333eccdc9ffc4acd98cfe6.tar.gz gradecoin-site-59ea3bd25b1f113168333eccdc9ffc4acd98cfe6.tar.bz2 gradecoin-site-59ea3bd25b1f113168333eccdc9ffc4acd98cfe6.zip |
Initial commit
Diffstat (limited to 'content/JWT.md')
-rw-r--r-- | content/JWT.md | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/content/JWT.md b/content/JWT.md new file mode 100644 index 0000000..46da1a2 --- /dev/null +++ b/content/JWT.md | |||
@@ -0,0 +1,41 @@ | |||
1 | +++ | ||
2 | title = "JWT" | ||
3 | description = "JSON Web Token Documentation" | ||
4 | weight = 4 | ||
5 | +++ | ||
6 | |||
7 | > JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests. | ||
8 | |||
9 | # How? | ||
10 | |||
11 | JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization: | ||
12 | - block proposal | ||
13 | - transaction proposal. | ||
14 | |||
15 | They are send alongside the JSON request body in the `Header`; | ||
16 | |||
17 | ```html | ||
18 | Authorization: Bearer aaaaaa.bbbbbb.ccccc | ||
19 | ``` | ||
20 | |||
21 | Gradecoin uses 3 fields for the JWTs; | ||
22 | |||
23 | ```json | ||
24 | { | ||
25 | "tha": "Hash of the payload, check invididual references", | ||
26 | "iat": "Issued At, Unix Time", | ||
27 | "exp": "Expiration Time, epoch" | ||
28 | } | ||
29 | ``` | ||
30 | |||
31 | - `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations. | ||
32 | - `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format | ||
33 | - `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) | ||
34 | |||
35 | # Algorithm | ||
36 | We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/). | ||
37 | |||
38 | # References | ||
39 | - [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519) | ||
40 | - [JWT Debugger](https://jwt.io/) | ||
41 | |||