1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>JWT | Gradecoin </title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<style>
:root {
/* Primary theme color */
--primary-color: #F8D12F;
/* Primary theme text color */
--primary-text-color: #1E2329;
/* Primary theme link color */
--primary-link-color: #2F57F7;
/* Secondary color: the background body color */
--secondary-color: #FAFAFA;
--secondary-text-color: #303030;
/* Highlight text color of table of content */
--toc-highlight-text-color: #d46e13;
}
</style>
<link href="https://fonts.googleapis.com/css?family=Alfa+Slab+One&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Fira+Sans:400,500,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/normalize.css">
<link rel="stylesheet" href="https://gradecoin.xyz/juice.css">
</head>
<body>
<header class="box-shadow">
<a href="https://gradecoin.xyz/">
<div class="logo">
<img src="https://gradecoin.xyz/gradecoin.png" alt="logo">
Gradecoin
</div>
</a>
<nav>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/block-docs/">Blocks</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/transaction-docs/">Transactions</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/register-docs/">Register</a>
<a class="nav-item subtitle-text" href="https://gradecoin.xyz/jwt/">JWT</a>
<a class="nav-item subtitle-text" href="https://github.com/zhuowei/nft_ptr#why">why?</a>
</nav>
</header>
<main>
<div class="toc">
<div class="toc-sticky">
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#how">How?</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#algorithm">Algorithm</a>
</div>
<div class="toc-item">
<a class="subtext" href="https://gradecoin.xyz/jwt/#references">References</a>
</div>
</div>
</div>
<div class="content text">
<div class="heading-text">JSON Web Token Documentation</div>
<blockquote>
<p>JSON Web Tokens are representations of claims, or authorization proofs that fit into the <code>Header</code> of HTTP requests.</p>
</blockquote>
<h1 id="how">How?</h1>
<p>JWTs are used as the <a href="https://en.wikipedia.org/wiki/Message_authentication_code">MAC</a> of operations that require authorization:</p>
<ul>
<li>block proposal</li>
<li>transaction proposal.</li>
</ul>
<p>They are send alongside the JSON request body in the <code>Header</code>;</p>
<pre style="background-color:#ffffff;">
<code class="language-html" data-lang="html"><span style="color:#545052;">Authorization: Bearer aaaaaa.bbbbbb.ccccc
</span></code></pre>
<p>Gradecoin uses 3 fields for the JWTs;</p>
<pre style="background-color:#ffffff;">
<code class="language-json" data-lang="json"><span style="color:#545052;">{
"</span><span style="color:#009854;">tha</span><span style="color:#545052;">": "</span><span style="color:#009854;">Hash of the payload, check invididual references</span><span style="color:#545052;">",
"</span><span style="color:#009854;">iat</span><span style="color:#545052;">": "</span><span style="color:#009854;">Issued At, Unix Time</span><span style="color:#545052;">",
"</span><span style="color:#009854;">exp</span><span style="color:#545052;">": "</span><span style="color:#009854;">Expiration Time, epoch</span><span style="color:#545052;">"
}
</span></code></pre>
<ul>
<li><code>tha</code> is explained in <a href="https://gradecoin.xyz/block-docs/">blocks</a> and <a href="https://gradecoin.xyz/transaction-docs/">transactions</a> documentations.</li>
<li><code>iat</code> when the JWT was created in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a> format</li>
<li><code>exp</code> when the JWT will expire & be rejected in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a></li>
</ul>
<h1 id="algorithm">Algorithm</h1>
<p>We are using <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1">RS256</a>, <code>RSASSA-PKCS1-v1_5 using SHA-256</code>. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works <a href="https://jwt.io/">here</a>.</p>
<h1 id="references">References</h1>
<ul>
<li><a href="https://tools.ietf.org/html/rfc7519">RFC, the ultimate reference</a></li>
<li><a href="https://jwt.io/">JWT Debugger</a></li>
</ul>
</div>
</main>
<footer>
Built For ⁂ CENG489 ⁂ Introduction to Computer Security
</footer>
</body>
<script>
function highlightNav(heading) {
let pathname = location.pathname;
document.querySelectorAll(".toc a").forEach((item) => {
item.classList.remove("active");
});
document.querySelector(".toc a[href$='" + pathname + "#" + heading + "']").classList.add("active");
}
let currentHeading = "";
window.onscroll = function () {
let h = document.querySelectorAll("h1,h2,h3,h4,h5,h6");
let elementArr = [];
h.forEach(item => {
if (item.id !== "") {
elementArr[item.id] = item.getBoundingClientRect().top;
}
});
elementArr.sort();
for (let key in elementArr) {
if (!elementArr.hasOwnProperty(key)) {
continue;
}
if (elementArr[key] > 0 && elementArr[key] < 300) {
if (currentHeading !== key) {
highlightNav(key);
currentHeading = key;
}
break;
}
}
}
</script>
</html>
|