From a56a71e3971a8d0680439b8217ddee41462fd6dc Mon Sep 17 00:00:00 2001 From: Yigit Sever Date: Fri, 16 Apr 2021 13:56:45 +0300 Subject: Improve auth documentation --- site/public/register-docs/index.html | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'site/public/register-docs') diff --git a/site/public/register-docs/index.html b/site/public/register-docs/index.html index fdc5237..810f4ec 100644 --- a/site/public/register-docs/index.html +++ b/site/public/register-docs/index.html @@ -84,38 +84,42 @@
POST request to /register endpoint
+POST request to /register
endpoint
Lets a user to authenticate themselves to the system. Only people who are enrolled to the class can open Gradecoin accounts. This is enforced with your Student ID and a one time password you will receive.
+The bytes you are sending over the network are all Base64 Encoded
+
gradecoin_public_key
) is listed on our Moodle page.k_temp
)auth_plaintext
) with your metu_id
and public key
in base64 (PEM) format (S_PK
) referencegradecoin_public_key
) is listed on our Moodle page. Download and load it it to your client.P_AR
) with your metu_id
("e"+6 chars
) and public key
in base64 (PEM) format (S_PK
) reference
{
- "student_id": "e12345",
+ "student_id": "e123456",
"passwd": "15 char secret",
"public_key": "---BEGIN PUBLIC KEY..."
}
auth_plaintext
with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp
), the result is auth_ciphertext
. Encode this with base64.k_temp
is encrypted using RSA with OAEP padding scheme
-using SHA-256 with gradecoin_public_key
, giving us key_ciphertext
. Encode this with base 64.k_temp
)iv
).P_AR
with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (k_temp
), the result is C_AR
. Encode this with base64.k_temp
is encrypted using RSA with OAEP padding scheme using SHA-256 with gradecoin_public_key
, giving us key_ciphertext
. Encode this with base64.iv
) as well.auth_request
) can be serialized now:
{
- "c": "auth_ciphertext",
- "iv": "hexadecimal",
+ "c": "C_AR",
+ "iv": "iv",
"key": "key_ciphertext"
}
-If your authentication process was valid, you will be given access and your public key fingerprint that is your address.
+If your authentication process was valid, you will be given access and your public key fingerprint that is your address. +You can now sign JWTs to send authorized transaction requests.