jwt authentication for rpc interface
jangko opened this issue · comments
andri lim commented
The upcoming engine
JSON-RPC interface, exposed by eth-EL and consumed by eth-CL, needs to be authenticated.
Read the rest of this information in:
- Eth-Engine API authentication spec
- https://jwt.io/
- RFC 7519
- see also status-im/nim-websock#101
- Simplified JWT explanation
For HTTP dialogue, each jsonrpc request is individually authenticated by supplying JWT token in the HTTP header.
we can implement this as HTTP header validation plugin, thus we don't need to deal with the jwt itself but only care about the plugin result.
maybe we can fork https://github.com/yglukhov/nim-jwt or take some idea from there