X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=README.md;fp=README.md;h=d93a06e96f2752fa170a49687ba957d59ccbc4a6;hb=69a2f5e7d73dd3f58e07b652c306daa8b253245d;hp=0000000000000000000000000000000000000000;hpb=49cf45515817fbd4479c654d89c8a56c292298bb;p=squeep-resource-authentication-module diff --git a/README.md b/README.md new file mode 100644 index 0000000..d93a06e --- /dev/null +++ b/README.md @@ -0,0 +1,18 @@ +# @squeep/resource-authentication-module + +Inter-server API authentication management. + +Specific to Squeep Framework Applications, this module has strong opinions and makes many assumptions. + +This is just a time-gated pre-shared-secret HMAC bearer-token scheme. + +## Details + +A token is constructed with: + +- a resource identifier, which is a UUID, rendered as 24 bytes of base64url encoded string +- the current epoch, which is rendered as a base10 string +- a salt value, which is random data rendered in 28 bytes of base64url encoded string +- a sha256 hmac of the above data, rendered as a base64url encoded string + +These fields are all joined with ':' to form the token.
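Review bot: In the Details list, the last bullet says "a sha256 hmac of the above data" without defining the exact input to the MAC or the key. State whether the MAC covers the three rendered fields joined with ':' in the listed order or their decoded values, and that the key is the pre-shared secret, so that two independent implementations compute the same token. In the first bullet, "24 bytes of base64url" for a UUID needs a note on padding: 16 bytes encode to 22 characters unpadded and to 24 only with the trailing "==", so say which form is emitted and accepted. The "current epoch" bullet should give the unit (seconds or milliseconds). Since the summary calls the scheme time-gated, the README should also document the accepted token age or clock-skew window, and ideally note that the verifier compares the MAC in constant time.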