# Authentication via Token

## Introduction

This manual describes the authentication procedure via Token from the SPID Client to the SPID Server.

## Procedure

Access the server where the SPID Server is, open the file `user.json`. In this file, add a username and password or edit a user that will not compromise the operation of SPID. Note that the password must be encrypted in SHA-256.

{% hint style="info" %}
If you have any questions, contact Griaule's Support Team.
{% endhint %}

Example of how the file section should look, considering a user called “griaule” and the password “teste”:

```json
{
	"user": "griaule",
	"pass": 46070d4bf934fb0d4b06d9e2c46e346944e322444900a435d7d9a95e6d7435f5,
	"role": [
		"ROLE_ADMIN",
		"ROLE_USER"
	]
}
```

{% hint style="warning" %}
Do not remove the other users from this file; removal may compromise the application's operation.
{% endhint %}

On the SPID Client machine, go to `C:\Griaule\SPID_Griaule\jre\bin` and run the encrypt.jar file with the password chosen in the previous step.

```sh
.\java.exe -jar .\encrypt.jar teste
```

If everything goes correctly, the response should be, for the password `teste`:

```
Encrypted password is: 2JnIAzJa4ZwiamcKOAnJNg==
```

Open the file `GBSSpid2.properties` in the folder `C:\Griaule\SPID\conf\` and insert the encrypted password in the field `server.password`.

```properties
#GBDS Server connection
server.url=<URL>
server.username=griaule
server.password=2JnIAzJa4ZwiamcKOAnJNg==
```

On the server machine, restart the SPID Server.

```sh
sudo service spid restart
```

Open SPID Services; if the process is successful, the server will show the following message:

```json
{
	"event": "Authorization",
	"eventResult": "JWT Token Authorized"
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.griaule.com/psbio/en/spid/spidtoken.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.