Proposed update for auth response data format #4

Open
shea256 opened this issue Dec 21, 2016 · 3 comments

shea256 commented Dec 21, 2016

Auth Response Format

{
  header: {
    typ: "JWT",
    alg: "ES256K"
  },
  payload: {
    jti: '0b42722b-e781-434a-805d-c09c476e86b9',
    iat: 1482268876495,
    exp: 1482268876495,
    sub: "did:bsk:17bWfXcFNNhG8Nu6KZopT17KZGPXxjiA9n-0",
    iss: "did:bsk:17bWfXcFNNhG8Nu6KZopT17KZGPXxjiA9n-0",
    issPublicKeys: [
      "03d03f2c3f7e3cf225757cb303ca91d5a243ad9057485ce2e39fe47b1159bd8c9a"
    ],
    api: {
      baseURL: "http://localhost:3000/api/v1",
      nameLookup: {
        url: "/names/{name}",
        methods: ["GET"]
      },
      addressLookup: {
        url: "/addresses/{address}",
        methods: ["GET"]
      },
      profile: {
        url: "/profile",
        methods: ["GET"]
      },
      collections: [
        {
          url: "/collections/schema.org:ImageObject",
          methods: ["GET", "POST"]
        },
        {
          url: "/collections/schema.org:AudioObject",
          methods: ["GET", "POST"]
        }
      ],
      store: {
        url: "/stores/helloblockstack.com",
        methods: ["GET", "PUT"]
      }
    }
  }
}
@taoeffect

I hope that in going with JWTs you're not restricting yourself to their prescribed set of curves/ciphers.


taoeffect commented Dec 21, 2016

For reference, RFC 7519 is the JWT RFC, and RFC 7518 maps a few algo abbreviations to their definitions.

Note that the RFCs only describe a handful of algorithms that must be supported to conform to JWT, but leave the door open to support any algorithm of your choosing, meaning you don't have to go with their poor choices if you don't want.


shea256 commented Dec 21, 2016

Thanks @taoeffect!

Yeah we're currently using Bitcoin's curve: SECP256k1. We're not using SECP256r1, which is the JWT standard referred to internally as "ES256".

I also tagged you in this thread since we're having a related discussion: https://forum.blockstack.org/t/why-do-blockstacks-use-of-jwt-diverge-from-standards/445/7
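
The checks a relying party could run on a token in the format proposed in this issue before verifying its ES256K signature, as an added example (not code from the thread or from the project). The function names, the single-entry algorithm allow-list and the millisecond reading of `iat`/`exp` (taken from the sample values) are assumptions; signature verification over secp256k1 is not shown and still has to follow these checks.

```javascript
// Added example: pre-signature checks for the proposed auth response token.
// Assumed (not from the thread): all names here, and iat/exp in milliseconds as in the sample.
const ALLOWED_ALGS = ['ES256K']; // secp256k1 only; "ES256" (P-256) and "none" are rejected
const COMPRESSED_KEY = /^0[23][0-9a-f]{64}$/i; // 33-byte compressed curve point, hex
const isDid = (v) => typeof v === 'string' && v.startsWith('did:bsk:');

function b64urlJson(part) {
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  const v = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (v === null || typeof v !== 'object') throw new Error('not a JSON object');
  return v;
}

function checkAuthResponse(token, nowMs) {
  const errors = [];
  const parts = String(token).split('.');
  if (parts.length !== 3) return ['token must have three dot-separated parts'];
  let header, payload;
  try {
    header = b64urlJson(parts[0]);
    payload = b64urlJson(parts[1]);
  } catch (e) { return ['header or payload is not a base64url JSON object']; }
  // Pin the algorithm on the verifier side; never let the token choose it.
  if (header.typ !== 'JWT') errors.push('typ must be JWT');
  if (!ALLOWED_ALGS.includes(header.alg)) errors.push('alg not allowed: ' + header.alg);
  if (parts[2].length === 0) errors.push('signature is empty');
  if (!isDid(payload.iss)) errors.push('iss must be a did:bsk identifier');
  if (!isDid(payload.sub)) errors.push('sub must be a did:bsk identifier');
  const keys = payload.issPublicKeys;
  if (!Array.isArray(keys) || keys.length === 0 || !keys.every((k) => COMPRESSED_KEY.test(k))) {
    errors.push('issPublicKeys must list compressed secp256k1 keys');
  }
  if (!Number.isInteger(payload.iat) || !Number.isInteger(payload.exp)) {
    errors.push('iat and exp must be integers');
  } else {
    if (payload.exp <= payload.iat) errors.push('exp must be later than iat');
    if (nowMs < payload.iat) errors.push('token used before iat');
    if (nowMs >= payload.exp) errors.push('token expired');
  }
  return errors;
}

// Constructed helper for building sample tokens; the signature part is a placeholder.
function encodeUnsigned(header, payload, sig) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc(header) + '.' + enc(payload) + '.' + sig;
}
```

An empty array means the token passed the structural checks only; a token whose `iat` and `exp` are equal, as in the sample payload, is reported as having no validity window.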
