forked from TrueCloudLab/distribution
Merge pull request #1644 from fh1ch/clarify-kid-format
Clarify kid format for JWT token auth in docs
This commit is contained in:
commit
47d14555c0
1 changed files with 11 additions and 2 deletions
|
@ -69,8 +69,17 @@ Token has 3 main parts:
|
|||
|
||||
The header of a JSON Web Token is a standard JOSE header. The "typ" field
|
||||
will be "JWT" and it will also contain the "alg" which identifies the
|
||||
signing algorithm used to produce the signature. It will also usually have
|
||||
a "kid" field, the ID of the key which was used to sign the token.
|
||||
signing algorithm used to produce the signature. It also must have a "kid"
|
||||
field, representing the ID of the key which was used to sign the token.
|
||||
|
||||
The "kid" field has to be in a libtrust fingerprint compatible format.
|
||||
Such a format can be generated by following steps:
|
||||
|
||||
1. Take the DER encoded public key which the JWT token was signed against.
|
||||
|
||||
2. Create a SHA256 hash out of it and truncate to 240bits.
|
||||
|
||||
3. Split the result into 12 base32 encoded groups with `:` as delimiter.
|
||||
|
||||
Here is an example JOSE Header for a JSON Web Token (formatted with
|
||||
whitespace for readability):
|
||||
|
|
Loading…
Reference in a new issue