diff options
author | Yigit Sever | 2021-04-15 05:30:53 +0300 |
---|---|---|
committer | Yigit Sever | 2021-04-15 05:30:53 +0300 |
commit | 68c568670ce2608153e0d5709b0a08b2418431b4 (patch) | |
tree | 310eb518a29e0046ba5a24587862f03898a9e6a8 /site/content/JWT.md | |
parent | dcc2d99140d25c5f163e425fb6ed7246fe88ea54 (diff) | |
download | gradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.tar.gz gradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.tar.bz2 gradecoin-68c568670ce2608153e0d5709b0a08b2418431b4.zip |
Start frontend
Diffstat (limited to 'site/content/JWT.md')
-rw-r--r-- | site/content/JWT.md | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/site/content/JWT.md b/site/content/JWT.md index 91a7a73..f55ab17 100644 --- a/site/content/JWT.md +++ b/site/content/JWT.md | |||
@@ -4,8 +4,38 @@ description = "JSON Web Token Documentation" | |||
4 | weight = 5 | 4 | weight = 5 |
5 | +++ | 5 | +++ |
6 | 6 | ||
7 | Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod | 7 | > JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests. |
8 | tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At | 8 | |
9 | vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd | 9 | # How? |
10 | ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. | 10 | |
11 | JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization: | ||
12 | - block proposal | ||
13 | - transaction proposal. | ||
14 | |||
15 | They are send alongside the JSON request body in the `Header`; | ||
16 | |||
17 | ```html | ||
18 | Authorization: Bearer aaaaaa.bbbbbb.ccccc | ||
19 | ``` | ||
20 | |||
21 | Gradecoin uses 3 fields for the JWTs; | ||
22 | |||
23 | ```json | ||
24 | { | ||
25 | "tha": "Hash of the payload, check invididual references", | ||
26 | "iat": "Issued At, Unix Time", | ||
27 | "exp": "Expiration Time, epoch" | ||
28 | } | ||
29 | ``` | ||
30 | |||
31 | - `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations. | ||
32 | - `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format | ||
33 | - `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) | ||
34 | |||
35 | # Algorithm | ||
36 | We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/). | ||
37 | |||
38 | # References | ||
39 | - [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519) | ||
40 | - [JWT Debugger](https://jwt.io/) | ||
11 | 41 | ||