Connect Token
This token represents a connection intent created by a user.
The connect token can contain a content (c) field in markdown format. The token must contain an audience (aud) field which points to the identity the user is connecting with. For other constraints see the Action Tokens.
Content-Addressing
This token is content-addressed using SHA-256:
- The entire JWT token (header + payload + signature) is hashed
- Action ID format:
a1~{base64_hash} - See Content-Addressing & Merkle Trees for details
Database Key
The database key for a connect token is [iss, t, aud]
Purpose: This key ensures that a user can only have one active connection intent to a specific identity. The key components are:
iss: Issuer identity (who is connecting)t: Token type (“CONN”)aud: Audience (who they’re connecting with)
Example:
- Alice sends connection to Bob → Stored with key
[alice.example.com, "CONN", bob.example.com] - Alice updates the connection message → New token with same key, previous one is marked deleted
- Only ONE connection intent from Alice to Bob at a time
Example
User @alice.cloudillo.net wants to connect with @bob.cloudillo.net:
| Field | Value |
|---|---|
| iss | alice.cloudillo.net |
| aud | bob.cloudillo.net |
| iat | 2024-04-13T00:01:10.000Z |
| k | 20240101 |
| t | CONN |
| c | Hi! Remember me? We met last week on the bus. |