Arianee Access Token

Before you begin

What is the Arianee Access Token?

An Arianee Access Token is an Ethereum Web Token or JSON Web Token using the Ethereum algorithm signature. It is very similar to an Arianee Proof, but it does not require a blockchain transaction, it is made off-chain.

The Arianee Access Token allows to prove that a user owns a wallet without sharing its private key.

header.playload.signature

eyJ0eXAiOiJKV1QiLCJhbGciOiJFVEgifQ==.eyJpc3MiOiIweDQ5NjdmOTZBOTUyMDk2Q2IxODAyRDM3NWNCNzAzMTRmODcyOUE5NzciLCJzY29wZSI6ImFsbCIsImV4cCI6MTU5NTkxMzMyNDk1OSwiaWF0IjoxNTk1OTEzMDI0OTYwLCJjaGFpbiI6InRlc3RuZXQiLCJzdWIiOiJjZXJ0aWZpY2F0ZSIsInN1YklkIjozNzAzNDU0fQ==.0x1a13a3f9f47b31212bfca68b67e17053c9a95d68d356bb540c7f7af77682699316a34fdb44c07a744e8584a41a5beea5b86ba92d97a4ab03ec5598f50a3f81f21c

HEADER
{
  "typ": "JWT",
  "alg": "ETH"
}
BODY
{
  "iss": "0x4967f96A952096Cb1802D375cB70314f8729A977",
  "scope": "all",
  "exp": 1595913324959,
  "iat": 1595913024960,
  "chain": "testnet",
  "sub": "certificate",
  "subId": 3703454
}

The Arianee Access Token is valid if:

• iss (issuer) signed it.
• It is used before exp (expiration). The expiration time format must be an integer in seconds. It represents the number of seconds since the epoch.

What for?

Arianee Access Token is similar to a JSON Web Token but signed by a wallet. They are widely used as a secure way of transmitting information between stakeholders in a web application environment. Find below some other advantages:

• Off-chain: it does not require any blockchain transaction: so it is free to sign a JSON Web Token (no transaction cost) and it is instant.
• Compact & efficient: lightweight and can be sent via HTTP headers, which makes them efficient for use in API authentication and authorization.
• Stateless: does not require a database lookup to validate their authenticity. All the information required to validate the token is contained within the token itself, making it easy to use in a stateless architecture.
• Cross-domain compatibility: can be easily passed between different domains, which is useful in a micro-services architecture where different services are running in different domains.
• Secure: signed using a secret or a public/private key pair, which makes them tamper-proof.
• Flexible: can carry a large amount of information in a compact format, making them flexible and useful for many use cases, including user authentication and authorization, as well as session management.

Let's start 🚀

Instantiate the class with a core instance and a wallet address.

const core = core.fromPrivateKey('0x...');  
const arianeeAccessToken = new ArianeeAccessToken(core);

Methods List

Generate an Arianee Access Token - Wallet scope

createWalletAccessToken()

promise returns a string as the Arianee Access Token.

Generate an Arianee Access Token - NFT scope

Method

createCertificateArianeeAccessToken(certificateId: number, network: string)

Result: promise returns a string as the Arianee Access Token.

Generate an Arianee Access Token link

Method

createActionArianeeAccessTokenLink(url: string, certificateId: number, network: string)

Result: promise returns a string as the URL of the Arianee Access Token attached to it.

Check if an Arianee Access Token is valid

Method

static isArianeeAccessTokenValid(arianeeAccessToken: string)

Result: promise returns boolean.

Decode an Arianee Access Token

Method

static decodeJwt(arianeeAccessToken: string)

Result: promise returns an object with Arianee Access Token components:

• header
• playload
• signature