diff options
author | Yigit Sever | 2021-04-19 18:21:06 +0300 |
---|---|---|
committer | Yigit Sever | 2021-04-19 18:21:06 +0300 |
commit | 81ebd267c89011ca65cd5cfe382e10fabd9017ac (patch) | |
tree | 4e1f17b897bc9e3850e9c50861fd4893371f05e4 /site/content/JWT.md | |
parent | 202625e0e1a4a6a85c895d9cd71a9f419a3b2173 (diff) | |
download | gradecoin-81ebd267c89011ca65cd5cfe382e10fabd9017ac.tar.gz gradecoin-81ebd267c89011ca65cd5cfe382e10fabd9017ac.tar.bz2 gradecoin-81ebd267c89011ca65cd5cfe382e10fabd9017ac.zip |
Moving site to separate repo
Diffstat (limited to 'site/content/JWT.md')
-rw-r--r-- | site/content/JWT.md | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/site/content/JWT.md b/site/content/JWT.md deleted file mode 100644 index 46da1a2..0000000 --- a/site/content/JWT.md +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | +++ | ||
2 | title = "JWT" | ||
3 | description = "JSON Web Token Documentation" | ||
4 | weight = 4 | ||
5 | +++ | ||
6 | |||
7 | > JSON Web Tokens are representations of claims, or authorization proofs that fit into the `Header` of HTTP requests. | ||
8 | |||
9 | # How? | ||
10 | |||
11 | JWTs are used as the [MAC](https://en.wikipedia.org/wiki/Message_authentication_code) of operations that require authorization: | ||
12 | - block proposal | ||
13 | - transaction proposal. | ||
14 | |||
15 | They are send alongside the JSON request body in the `Header`; | ||
16 | |||
17 | ```html | ||
18 | Authorization: Bearer aaaaaa.bbbbbb.ccccc | ||
19 | ``` | ||
20 | |||
21 | Gradecoin uses 3 fields for the JWTs; | ||
22 | |||
23 | ```json | ||
24 | { | ||
25 | "tha": "Hash of the payload, check invididual references", | ||
26 | "iat": "Issued At, Unix Time", | ||
27 | "exp": "Expiration Time, epoch" | ||
28 | } | ||
29 | ``` | ||
30 | |||
31 | - `tha` is explained in [blocks](@/block_docs.md) and [transactions](@/transaction_docs.md) documentations. | ||
32 | - `iat` when the JWT was created in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) format | ||
33 | - `exp` when the JWT will expire & be rejected in [Unix Time](https://en.wikipedia.org/wiki/Unix_time) | ||
34 | |||
35 | # Algorithm | ||
36 | We are using [RS256](https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1), `RSASSA-PKCS1-v1_5 using SHA-256`. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works [here](https://jwt.io/). | ||
37 | |||
38 | # References | ||
39 | - [RFC, the ultimate reference](https://tools.ietf.org/html/rfc7519) | ||
40 | - [JWT Debugger](https://jwt.io/) | ||
41 | |||