Simple authentication using HMAC JWTs with rotating keys
POST login
Body: username={user}&password={password}
Response:
- Status:
200 OK
- Headers:
"Set-Cookie: jwt={JWT}"
(Note: by default this creates the user if one doesn't already exist)
Each client has a unique JSON Web Token structured as follows.
Header:
{
"alg": "HS256",
"typ": "JWT"
}
Payload:
{
"version": 1,
"username": "abc",
"exp": {Expiration Unix Timestamp},
"kid": base64UrlEncode(sha256(K))
}
Signature (K is the current HMAC key; "kid" lets the server pick the matching key after rotation):
HMACSHA256(
base64UrlEncode(Header) + "." +
base64UrlEncode(Payload),
K
)
Token:
base64UrlEncode(Header) + "." +
base64UrlEncode(Payload) + "." +
base64UrlEncode(MAC)
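The issue/verify flow described above with key rotation, as an added example that is not the page's own code; it assumes a `keyring` dict mapping kid to key (retiring a key means removing it) and that "kid" lives in the payload as the page shows. Only the standard library is used.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def key_id(k: bytes) -> str:
    # kid = base64UrlEncode(sha256(K)), as the page specifies
    return b64url(hashlib.sha256(k).digest())

def issue(username: str, k: bytes, ttl: int = 3600, now=None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"version": 1, "username": username, "exp": now + ttl, "kid": key_id(k)}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(payload, separators=(",", ":")).encode()))
    mac = hmac.new(k, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify(token: str, keyring: dict, now=None):
    """Return the payload if the token is valid, else None. keyring: kid -> key (hypothetical)."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, mac_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        payload = json.loads(b64url_decode(p_b64))
        mac = b64url_decode(mac_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: the token's "alg" must never select a different verifier
    if header.get("alg") != "HS256" or header.get("typ") != "JWT":
        return None
    k = keyring.get(payload.get("kid"))
    if k is None:  # unknown or retired key: tokens signed with it stop validating
        return None
    expected = hmac.new(k, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):  # constant-time MAC check
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload
```

Rotating means adding the new key to the keyring, issuing new tokens with it, and deleting the old key once its tokens have expired.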