From fab0654942bd610c99999a6d193e0630d0cd6f98 Mon Sep 17 00:00:00 2001 From: Yigit Sever Date: Sun, 25 Apr 2021 23:45:22 +0300 Subject: Moving to nicenet --- content/JWT.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'content/JWT.md') diff --git a/content/JWT.md b/content/JWT.md index 46da1a2..e77457f 100644 --- a/content/JWT.md +++ b/content/JWT.md @@ -7,15 +7,15 @@ weight = 4 > JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests. # How? - -JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization: +JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization. +Gradecoin has 2 such operations: - block proposal - transaction proposal. -They are send alongside the JSON request body in the `Header`; +They are sent alongside the JSON request body in the `Header`; -```html -Authorization: Bearer aaaaaa.bbbbbb.ccccc +``` +Authorization: Bearer ``` Gradecoin uses 3 fields for the JWTs; @@ -29,11 +29,13 @@ Gradecoin uses 3 fields for the JWTs; ``` - `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations. -- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format -- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) +- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format. +- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time). # Algorithm -We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/). +We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. +The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. +You can see how the process works and create ad hoc tokens [here](https://jwt.io/). # References - [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519) -- cgit v1.2.3-70-g09d2