Connect Token
This token represents a bidirectional connection between two users (mutual, unlike the one-way follow).
The token must contain an audience (aud) field pointing to the identity being connected with. It may carry an optional content (c) field (a short connection message, max 500 chars). For other constraints see the Action Tokens.
Subtypes
| Subtype | Description |
|---|---|
| CONN | New connection request |
| CONN:ACC | Acceptance response (establishes the connection on both sides) |
| CONN:DEL | Disconnect |
Connection Flow
- Alice sends a CONN to Bob. On Bob’s side the request rests at status
C(confirmation) so he can accept or reject — unless hisprofile.connection_modeis set to auto-accept (A) or ignore (I). - Bob accepts: his instance creates a CONN:ACC back to Alice. Both profiles become
Connected. - If both sides independently send a CONN to each other, the second one is detected as mutual and auto-accepted (no manual confirmation).
- Either side may send CONN:DEL to disconnect.
Proof-of-Work
CONN actions carry a proof-of-work nonce in the _ claim and are PoW-verified before signature verification. This rate-limits unsolicited connection requests from strangers.
Content-Addressing
This token is content-addressed using SHA-256:
- The entire JWT token (header + payload + signature) is hashed
- Action ID format:
a1~{base64_hash} - See Content-Addressing & Merkle Trees for details
Database Key
The deduplication key for a connect token is {type}:{issuer}:{audience} (e.g. CONN:alice.example.com:bob.example.com).
Purpose: ensures only ONE active connection from a given issuer to a given audience. A new CONN with the same key supersedes the previous one (which is marked deleted).
Example
User @alice.cloudillo.net wants to connect with @bob.cloudillo.net:
| Field | Value |
|---|---|
| iss | alice.cloudillo.net |
| aud | bob.cloudillo.net |
| iat | 2024-04-13T00:01:10.000Z |
| k | 20240101 |
| t | CONN |
| c | Hi! Remember me? We met last week on the bus. |