QTRCodes
Best mechanism for including a signature in URL? #5
Closed
OllieJC
started this conversation in
Ideas and Suggestions
Replies: 1 comment
-
|
The more I consider this, the more I think this is sensible. Libraries etc. already exist around JWT handling and the usage allows for setting expiry and other headers that can be utilised client side without making a request. I'll close this discussion and make some suggested changes to the spec. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Instead of a custom solution for
x-qtrparameters ({version}{key_location}{key_id}-{signature}) would JWTs be a more sensible option even if it means an increase to the URL size and therefore larger QR codes?Benefits of JWTs is the ability to add a header including issuer, expiry time etc.
For example:
tel:+441234567890#x-qtr=1d1234-TVuX6dqmmVi-nF8YLo8GquM5MfsLqexcv4KXmGliNt--c2RT6b34sR2dQfD3O20OlhjpDRXAPLh3DAgZ0KClBw&x-qtr-d=example.com(137 characters)tel:+441234567890#x-qtr=eyJhbGciOiJFZERTQSIsImlzcyI6ImV4YW1wbGUuY29tIiwia2lkIjoiMTIzNCJ9.eyJxdHIiOiIxZCJ9.TVuX6dqmmVi-nF8YLo8GquM5MfsLqexcv4KXmGliNt--c2RT6b34sR2dQfD3O20OlhjpDRXAPLh3DAgZ0KClBw(192 characters){"alg":"EdDSA","iss":"example.com","kid":"1234"}.{"qtr":"1d"}.SIGNATUREBeta Was this translation helpful? Give feedback.
All reactions