<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>JWT | Gradecoin </title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
:root {
/* Primary theme color */
--primary-color: #F8D12F;
/* Primary theme text color */
--primary-text-color: #1E2329;
/* Primary theme link color */
--primary-link-color: #2F57F7;
/* Secondary color: the background body color */
--secondary-color: #FAFAFA;
--secondary-text-color: #303030;
/* Highlight text color of table of content */
--toc-highlight-text-color: #d46e13;
}
</style>
<link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/normalize.css">
<link rel="stylesheet" href="https://gradecoin.xyz/juice.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css" />
</head>
<body>
<header class="box-shadow">
<a href="https://gradecoin.xyz/">
<div class="logo">
<img src="https://gradecoin.xyz/gradecoin.png" alt="logo">
Gradecoin
</div>
</a>
<nav>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/register-docs/">Register</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/jwt/">JWT</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/transaction-docs/">Transactions</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/block-docs/">Blocks</a>
<a class="nav-item subtitle-text" href="https://github.com/zhuowei/nft_ptr#why">why?</a>
</nav>
</header>
<main>
<div class="toc">
<div class="toc-sticky">
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#how">How?</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#algorithm">Algorithm</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#references">References</a>
</div>
</div>
</div>
<div class="content text">
<div class="heading-text">JSON Web Token Documentation</div>
<blockquote>
<p>JSON Web Tokens are representations of claims, or authorization proofs that fit into the <code>Header</code> of HTTP requests.</p>
</blockquote>
<h1 id="how">How?</h1>
<p>JWTs are used as the <a href="https://en.wikipedia.org/wiki/Message_authentication_code">MAC</a> of operations that require authorization:</p>
<ul>
<li>block proposal</li>
<li>transaction proposal.</li>
</ul>
<p>They are sent alongside the JSON request body in the <code>Header</code>:</p>
<pre style="background-color:#ffffff;">
<code class="language-html" data-lang="html"><span style="color:#545052;">Authorization: Bearer aaaaaa.bbbbbb.ccccc
</span></code></pre>
<p>Gradecoin uses 3 fields for the JWTs:</p>
<pre style="background-color:#ffffff;">
<code class="language-json" data-lang="json"><span style="color:#545052;">{
"</span><span style="color:#009854;">tha</span><span style="color:#545052;">": "</span><span style="color:#009854;">Hash of the payload, check individual references</span><span style="color:#545052;">",
"</span><span style="color:#009854;">iat</span><span style="color:#545052;">": "</span><span style="color:#009854;">Issued At, Unix Time</span><span style="color:#545052;">",
"</span><span style="color:#009854;">exp</span><span style="color:#545052;">": "</span><span style="color:#009854;">Expiration Time, epoch</span><span style="color:#545052;">"
}
</span></code></pre>
<ul>
<li><code>tha</code> is explained in the <a href="https://gradecoin.xyz/block-docs/">blocks</a> and <a href="https://gradecoin.xyz/transaction-docs/">transactions</a> documentation.</li>
<li><code>iat</code> is when the JWT was created, in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a> format.</li>
<li><code>exp</code> is when the JWT will expire and be rejected, in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a> format.</li>
</ul>
<h1 id="algorithm">Algorithm</h1>
<p>We are using <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1">RS256</a>, <code>RSASSA-PKCS1-v1_5 using SHA-256</code>. The JWTs you sign with your private RSA key will be verified using the public key you have authenticated with. You can see how the process works <a href="https://jwt.io/">here</a>.</p>
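<p>The following is an added example, not code from Gradecoin itself: it signs a token carrying the three fields above with RS256 and then checks the <code>Authorization</code> header the way a verifier would, pinning the algorithm and rejecting expired tokens or a body that does not match <code>tha</code>. The function names, the five-minute lifetime, the sample body and the use of a SHA-256 hex digest for <code>tha</code> are assumptions; the real <code>tha</code> definition is in the block and transaction documentation.</p>

```javascript
// Added example: Gradecoin-style JWT signed and verified with RS256 (Node.js built-ins only).
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// ASSUMPTION: `tha` is modelled as the SHA-256 hex digest of the request body.
// The real definition is in the block and transaction documentation.
const payloadHash = (body) => crypto.createHash("sha256").update(body).digest("hex");

// Client side: sign "header.claims" with the private key (RSASSA-PKCS1-v1_5, SHA-256).
function signToken(body, privateKey, now, lifetime = 300) {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const claims = b64url(JSON.stringify({ tha: payloadHash(body), iat: now, exp: now + lifetime }));
  const signature = crypto.sign("sha256", Buffer.from(`${header}.${claims}`), privateKey);
  return `${header}.${claims}.${signature.toString("base64url")}`;
}

// Verifier side: returns "ok" or the reason the request is rejected.
function verifyRequest(authorization, body, publicKey, now) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization);
  if (!match) return "malformed header";
  const [, header, claims, signature] = match;
  let alg, parsed;
  try {
    alg = JSON.parse(Buffer.from(header, "base64url")).alg;
    parsed = JSON.parse(Buffer.from(claims, "base64url"));
  } catch { return "malformed token"; }
  // Pin the algorithm: the token must not be able to select "none" or an HMAC variant.
  if (alg !== "RS256") return "unexpected algorithm";
  const valid = crypto.verify("sha256", Buffer.from(`${header}.${claims}`),
                              publicKey, Buffer.from(signature, "base64url"));
  if (!valid) return "bad signature";
  // Claims are trusted only after the signature check has passed.
  if (typeof parsed?.exp !== "number" || now >= parsed.exp) return "expired";
  if (parsed.tha !== payloadHash(body)) return "payload hash mismatch";
  return "ok";
}

// Constructed sample data: a throwaway key pair and a made-up request body.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sampleBody = JSON.stringify({ source: "alice", target: "bob", amount: 5 });
const sampleNow = 1700000000;
const sampleHeader = "Bearer " + signToken(sampleBody, privateKey, sampleNow);
console.log(sampleHeader.slice(0, 40) + "...", verifyRequest(sampleHeader, sampleBody, publicKey, sampleNow));
```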
<h1 id="references">References</h1>
<ul>
<li><a href="https://tools.ietf.org/html/rfc7519">RFC, the ultimate reference</a></li>
<li><a href="https://jwt.io/">JWT Debugger</a></li>
</ul>
</div>
</main>
<footer>
Built For ⁂ CENG489 ⁂ Introduction to Computer Security
</footer>
</body>
<script>
function highlightNav(heading) {
let pathname = location.pathname;
document.querySelectorAll(".toc a").forEach((item) => {
item.classList.remove("active");
});
document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
}
let currentHeading = "";
window.onscroll = function () {
let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
let elementArr = [];
h.forEach(item => {
if (item.id !== "") {
elementArr[item.id] = item.getBoundingClientRect().top;
}
});
elementArr.sort();
for (let key in elementArr) {
if (!elementArr.hasOwnProperty(key)) {
continue;
}
if (elementArr[key] > 0 && elementArr[key] < 300) {
if (currentHeading !== key) {
highlightNav(key);
currentHeading = key;
}
break;
}
}
}
</script>
</html>