+ + + + + +

+ +

+ How? +

+ + +

+ Algorithm +

+ + +

+ References +

+ + +

+ + + +

+ +

JSON Web Token Documentation

+
JSON Web Tokens are representations of claims, or authorization proofs that fit into the Header of HTTP requests.
+

How?

JWTs are used as the MAC of operations that require authorization:

block proposal
transaction proposal.

They are send alongside the JSON request body in the Header;

+Authorization: Bearer aaaaaa.bbbbbb.ccccc
+

Gradecoin uses 3 fields for the JWTs;

+{
+"tha": "Hash of the payload, check invididual references",
+"iat": "Issued At, Unix Time",
+"exp": "Expiration Time, epoch"
+}
+

tha is explained in blocks and transactions documentations.
iat when the JWT was created in Unix Time format
exp when the JWT will expire & be rejected in Unix Time

Algorithm

We are using RS256, RSASSA-PKCS1-v1_5 using SHA-256. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works here.

References

RFC, the ultimate reference
JWT Debugger

+ + +

+ + + +