<macaroon(s)>:<preimage>
pairs, where the preimage is encoded as hex and the macaroon is encoded as base64. Multiple macaroons are base64 encoded individually and listed comma separated before the colon.
This scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS, as the macaroon and preimage are passed over the network as cleartext.macaroons
→ <base64 encoding>, comma separated if multiple macaroons are present
preimage
→ <hex encoding>
token
→ macaroons ":" preimageWWW-Authenticate
header ([RFC7235], Section 4.1) field to indicate the LSAT authentication scheme and the macaroon needed for the client to form a complete LSAT."AGIAJEemVQUTEyNCR0exk7ek90Cg=="
is the macaroon that the client must include for each of its authorized requests and "lnbc1500n1pw5kjhmpp..."
is the invoice the client must pay to reveal the preimage that must be included for each of its authorized requests."AGIAJEemVQUTEyNCR0exk7ek90Cg=="
(already base64-encoded by the server) and the preimage "1234abcd1234abcd1234abcd"
(already hex encoded by the payee's Lightning node), they would use the following header field:<macaroon(s)>:<preimage>
pairs where the preimage is encoded as hex and the macaroon is encoded as base64. Multiple macaroons are base64 encoded individually and listed comma separated before the colon. As above, this scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS, as the macaroon and preimage are passed over the network as cleartext.200 OK
, the Content-Type
header, and the following trailers: grpc-message
and grpc-status
."CJIDEgxtaXNzaW5nIExTQVQaeQ…"
is the serialized gRPC status proto."AGIAJEemVQUTEyNCR0exk7ek90Cg=="
(already base64-encoded by the server) and the preimage "1234abcd1234abcd1234abcd"
(already hex encoded by the payee's Lightning node), they would use the following header field: