Merge pull request #1644 from fh1ch/clarify-kid-format
Clarify kid format for JWT token auth in docs
commit
47d14555c0
1 changed files with 11 additions and 2 deletions
|
@ -69,8 +69,17 @@ Token has 3 main parts:
|
||||||
|
|
||||||
The header of a JSON Web Token is a standard JOSE header. The "typ" field
|
The header of a JSON Web Token is a standard JOSE header. The "typ" field
|
||||||
will be "JWT" and it will also contain the "alg" which identifies the
|
will be "JWT" and it will also contain the "alg" which identifies the
|
||||||
signing algorithm used to produce the signature. It will also usually have
|
signing algorithm used to produce the signature. It also must have a "kid"
|
||||||
a "kid" field, the ID of the key which was used to sign the token.
|
field, representing the ID of the key which was used to sign the token.
|
||||||
|
|
||||||
|
The "kid" field has to be in a libtrust fingerprint compatible format.
|
||||||
|
Such a format can be generated by following steps:
|
||||||
|
|
||||||
|
1. Take the DER encoded public key which the JWT token was signed against.
|
||||||
|
|
||||||
|
2. Create a SHA256 hash out of it and truncate to 240bits.
|
||||||
|
|
||||||
|
3. Split the result into 12 base32 encoded groups with `:` as delimiter.
|
||||||
|
|
||||||
Here is an example JOSE Header for a JSON Web Token (formatted with
|
Here is an example JOSE Header for a JSON Web Token (formatted with
|
||||||
whitespace for readability):
|
whitespace for readability):
|
||||||
|
|
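Review bot: Steps 2 and 3 of the added list leave the encoding order ambiguous. "Split the result into 12 base32 encoded groups" can be read as splitting the truncated hash first and base32-encoding each piece separately. 240 bits is 30 bytes, which base32-encodes to exactly 48 characters with no padding, so the intended output is presumably 12 groups of 4 characters. Suggest rewording step 3 along the lines of "Base32 encode the result and split it into 12 groups of 4 characters with `:` as delimiter", and writing "240 bits" with a space in step 2. Step 1 would also benefit from naming the DER structure that is hashed and from saying "the public key that verifies the token" instead of the key it "was signed against", because a different DER encoding of the same key yields a different "kid" and the text now says the field must be present.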