aboutsummaryrefslogtreecommitdiffstats
path: root/site/content/JWT.md
diff options
context:
space:
mode:
authorYigit Sever2021-04-15 05:30:53 +0300
committerYigit Sever2021-04-15 05:30:53 +0300
commit68c568670ce2608153e0d5709b0a08b2418431b4 (patch)
tree310eb518a29e0046ba5a24587862f03898a9e6a8 /site/content/JWT.md
parentdcc2d99140d25c5f163e425fb6ed7246fe88ea54 (diff)
downloadgradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.tar.gz
gradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.tar.bz2
gradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.zip
Start frontend
Diffstat (limited to 'site/content/JWT.md')
-rw-r--r--site/content/JWT.md38
1 files changed, 34 insertions, 4 deletions
diff --git a/site/content/JWT.md b/site/content/JWT.md
index 91a7a73..f55ab17 100644
--- a/site/content/JWT.md
+++ b/site/content/JWT.md
@@ -4,8 +4,38 @@ description = "JSON Web Token Documentation"
4weight = 5 4weight = 5
5+++ 5+++
6 6
7Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod 7> JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests.
8tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At 8
9vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd 9# How?
10ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. 10
11JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization:
12- block proposal
13- transaction proposal.
14
15They are send alongside the JSON request body in the `Header`;
16
17```html
18Authorization: Bearer aaaaaa.bbbbbb.ccccc
19```
20
21Gradecoin uses 3 fields for the JWTs;
22
23```json
24{
25"tha": "Hash of the payload, check invididual references",
26"iat": "Issued At, Unix Time",
27"exp": "Expiration Time, epoch"
28}
29```
30
31- `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations.
32- `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format
33- `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time)
34
35# Algorithm
36We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/).
37
38# References
39- [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519)
40- [JWT Debugger](https://jwt.io/)
11 41