Chat Authentication
Given that the Chat API supports multiple clients with different Identity Keys for the same blockchain account, we must validate the following payloads:
- Invite Proposals
- Invite Approvals
- Chat Messages
- Chat Receipts
This will be achieved using did-jwt. The JWTs for all of the purposes above share the same mandatory fields:
- iat - timestamp when the JWT was issued
- exp - timestamp when the JWT must expire
- iss - public key of the identity key (did:key). Used to fetch the attached blockchain account
- ksu - key server for identity key verification
- act - description of action intent. Must be equal to the specific value defined for each set of claims
Expiry is calculated as 30 days (2592000 seconds) from the issued date.
Invite Proposals
When validating an invite proposal, we must use the following additional fields in the JWT:
- sub - opening message included in the invite
- aud - responder/invitee blockchain account (did:pkh)
- pke - proposer/inviter public key for key exchange (did:key)
- act - description of action intent. Must be equal to "invite_proposal"
Invite Approvals
When validating an invite approval, we must use the following additional fields in the JWT:
- sub - public key sent by the responder/invitee (did:key)
- aud - proposer/inviter blockchain account (did:pkh)
- act - description of action intent. Must be equal to "invite_approval"
Chat Messages
When validating a chat message, we must use the following additional fields in the JWT:
- sub - message sent by the author account
- aud - recipient blockchain account (did:pkh)
- xma - extensible media attachment (optional)
- act - description of action intent. Must be equal to "chat_message"
Chat Receipts
When validating a chat receipt, we must use the following additional fields in the JWT:
- sub - hash of the message received
- aud - sender blockchain account (did:pkh)
- act - description of action intent. Must be equal to "chat_receipt"
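The claim rules above can be enforced in one place after the JWT signature has been verified. The following is an added example, not code from the specification or from did-jwt; the function name `validateChatClaims`, the error strings, the use of Unix seconds for timestamps, the rejection of lifetimes longer than 30 days, and the sample claim values are assumptions.

```javascript
// Added example: claim checks only; the JWT signature must already be verified.
const TTL = 2592000; // 30 days in seconds, as stated in the spec text
const KEY = "did:key:", PKH = "did:pkh:";

// Additional claims per act value. A prefix means "must be a DID of that method";
// null means "any string". xma is optional, so it is not required here.
const RULES = new Map([
  ["invite_proposal", { sub: null, aud: PKH, pke: KEY }],
  ["invite_approval", { sub: KEY, aud: PKH }],
  ["chat_message", { sub: null, aud: PKH }],
  ["chat_receipt", { sub: null, aud: PKH }],
]);

const isStr = (v, prefix) =>
  typeof v === "string" && (prefix === null || v.startsWith(prefix));

// expectedAct: the payload type the caller is handling. now: Unix seconds (assumed unit).
// Returns a list of problems; an empty list means the claims pass.
function validateChatClaims(claims, expectedAct, now) {
  const rule = RULES.get(expectedAct);
  if (!rule) return [`unsupported act: ${expectedAct}`];
  const errors = [];
  // Binding act to the handler stops a JWT signed for one purpose being replayed as another.
  if (claims.act !== expectedAct) errors.push(`act must be "${expectedAct}"`);
  if (!isStr(claims.iss, KEY)) errors.push("iss must be did:key");
  if (!isStr(claims.ksu, null) || claims.ksu === "") errors.push("ksu is required");
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    errors.push("iat and exp must be integer timestamps");
  } else {
    // Assumption: reject lifetimes longer than the 30-day expiry the spec describes.
    if (claims.exp <= claims.iat || claims.exp - claims.iat > TTL) errors.push("exp must be within 30 days of iat");
    if (now >= claims.exp) errors.push("token expired");
  }
  for (const [name, prefix] of Object.entries(rule)) {
    if (!isStr(claims[name], prefix)) errors.push(`${name} is missing or malformed`);
  }
  return errors;
}

// Constructed sample claims (not real keys or accounts).
const iat = 1700000000;
const sampleProposal = {
  iat, exp: iat + TTL, iss: "did:key:z6MkConstructedIdentityKey", ksu: "https://keys.example",
  act: "invite_proposal", sub: "hello", pke: "did:key:z6LSConstructedExchangeKey",
  aud: "did:pkh:eip155:1:0x0000000000000000000000000000000000000001",
};
console.log(validateChatClaims(sampleProposal, "invite_proposal", iat + 60));
console.log(validateChatClaims(sampleProposal, "chat_message", iat + 60));
```

The second call shows why `act` is checked against the handler's expected value: the same signed claims would otherwise pass as a chat message, since `sub` and `aud` have compatible shapes.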