docs(user): add frequently asked questions page (#422)

Closes #400
Xe Iaso 2025-05-02 14:53:53 -04:00 committed by GitHub
parent 9e760b1c16
commit 92d3dd361b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 24 additions and 4 deletions

@ -37,7 +37,7 @@ flowchart TD
ValidateChallenge -- If anything is wrong --> Fail
```
### Challenge presentation
## Challenge presentation
Anubis decides to present a challenge using this logic:
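Review bot: The promotion of "Challenge presentation" from `###` to `##` here, repeated for the three headings in the later hunks, is not explained in the commit message, which only describes adding the FAQ page. A line in the commit body saying why these sections move up a level would help, and it is worth confirming that no enclosing `##` section remains that they were meant to sit under, since the page outline flattens otherwise.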
@ -89,7 +89,7 @@ work valid?"}
PresentChallenge -- Back again for another cycle --> Request
```
### Proof of passing challenges
## Proof of passing challenges
When a client passes a challenge, Anubis sets an HTTP cookie named `"within.website-x-cmd-anubis-auth"` containing a signed [JWT](https://jwt.io/) (JSON Web Token). This JWT contains the following claims:
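Review bot: In the context line under the "Proof of passing challenges" heading, the cookie name is written with double quotes inside the code span, so the quotes render as if they were part of the name. If they are not part of the cookie name, drop them while this section is being touched so the text reads `within.website-x-cmd-anubis-auth`, which is what an operator would copy into a cookie allowlist or a log filter.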
@ -102,7 +102,7 @@ When a client passes a challenge, Anubis sets an HTTP cookie named `"within.webs
This ensures that the token has enough metadata to prove that the token is valid (due to the token's signature), but also so that the server can independently prove the token is valid. This cookie is allowed to be set without triggering an EU cookie banner notification; but depending on facts and circumstances, you may wish to disclose this to your users.
### Challenge format
## Challenge format
Challenges are formed by taking some user request metadata and using that to generate a SHA-256 checksum. The following request headers are used:
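Review bot: The paragraph left as context above the "Challenge format" heading says the token is valid "due to the token's signature" and then that the server can "independently prove the token is valid", which reads as the same guarantee stated twice. It would be clearer to say what the server checks in addition to the signature. The statement in the same paragraph that the cookie does not trigger an EU cookie banner has no reference, and a link to its basis would let operators verify it for their own deployment.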
@ -115,6 +115,6 @@ Challenges are formed by taking some user request metadata and using that to gen
This forms a fingerprint of the requestor using metadata that any requestor already is sending. It also uses time as an input, which is known to both the server and requestor due to the nature of linear timelines. Depending on facts and circumstances, you may wish to disclose this to your users.
### JWT signing
## JWT signing
Anubis uses an ed25519 keypair to sign the JWTs issued when challenges are passed. Anubis will generate a new ed25519 keypair every time it starts. At this time, there is no way to share this keypair between instance of Anubis, but that will be addressed in future versions.
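Review bot: The "JWT signing" paragraph kept as context says a new ed25519 keypair is generated on every start and cannot be shared, but it does not state the consequence for operators: cookies signed before a restart will no longer verify, and instances behind the same load balancer cannot validate each other's tokens, so clients would be challenged again. Spelling that out here, or in the new FAQ page, would save a support question. Also, "between instance of Anubis" should read "between instances of Anubis".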