Skip to main content

JWT & key management

This page is a placeholder for HomeNetworkIQ authentication and security guidance.

Overview

HomeNetworkIQ endpoints are protected with JWT Bearer authentication.

HTTPS: Authorization: Bearer <JWT>
NATS: Authorization: Bearer <JWT> (NATS headers)

Token issuance (coming soon)

Where to request tokens (auth endpoint or out-of-band provisioning)
Required claims (iss, aud, tenant identifier claim), and scopes/roles
Token lifetime and refresh strategy

Key generation (coming soon)

Document how signing keys are created and managed.

Typical content to add here:

Signing algorithm (e.g., RS256/ES256/HS256)
JWKS publishing URL (if asymmetric signing)
Rotation strategy (overlap window, revocation)
Environment separation (dev/stage/prod)

Validation (coming soon)

Required headers
Clock skew tolerance
Failure modes and error codes (401 vs 403)

Security considerations (coming soon)

Least privilege (scopes per tenant)
Replay protection (idempotency keys / message IDs if applicable)
Rate limiting and abuse prevention
Audit logging recommendations

Overview
Token issuance (coming soon)
Key generation (coming soon)
Validation (coming soon)
Security considerations (coming soon)