1 files changed, 41 insertions, 0 deletions
diff --git a/content/JWT.md b/content/JWT.md
new file mode 100644
index 0000000..46da1a2
--- /dev/null
+++ b/content/JWT.md
@@ -0,0 +1,41 @@
+++
+title = "JWT"
+description = "JSON Web Token Documentation"
+weight = 4
+++
+> JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests.
+# How?
+JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization:
+- block proposal
+- transaction proposal.
+They are send alongside the JSON request body in the `Header`;
+```html
+Authorization: Bearer aaaaaa.bbbbbb.ccccc
+```
+Gradecoin uses 3 fields for the JWTs;
+```json
+{
+"tha": "Hash of the payload, check invididual references",
+"iat": "Issued At, Unix Time",
+"exp": "Expiration Time, epoch"
+}
+```
+- `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations.
+- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format
+- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time)
+# Algorithm
+We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/).
+# References
+- [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519)
+- [JWT Debugger](https://jwt.io/)

diff --git a/content/JWT.md b/content/JWT.md new file mode 100644 index 0000000..46da1a2 --- /dev/null +++ b/content/JWT.md
@@ -0,0 +1,41 @@
	1	+++
	2	title = "JWT"
	3	description = "JSON Web Token Documentation"
	4	weight = 4
	5	+++
	6
	7	> JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests.
	8
	9	# How?
	10
	11	JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization:
	12	- block proposal
	13	- transaction proposal.
	14
	15	They are send alongside the JSON request body in the `Header`;
	16
	17	```html
	18	Authorization: Bearer aaaaaa.bbbbbb.ccccc
	19	```
	20
	21	Gradecoin uses 3 fields for the JWTs;
	22
	23	```json
	24	{
	25	"tha": "Hash of the payload, check invididual references",
	26	"iat": "Issued At, Unix Time",
	27	"exp": "Expiration Time, epoch"
	28	}
	29	```
	30
	31	- `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations.
	32	- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format
	33	- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time)
	34
	35	# Algorithm
	36	We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/).
	37
	38	# References
	39	- [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519)
	40	- [JWT Debugger](https://jwt.io/)
	41