[blog] improve jwt post

capcom6 · capcom6 · commit 0f0df954746b · 2025-12-10T09:30:43.000+07:00
diff --git a/docs/assets/blog/jwt-authentication-migration.png b/docs/assets/blog/jwt-authentication-migration.png
diff --git a/docs/blog/index.md b/docs/blog/index.md
@@ -5,10 +5,12 @@ Welcome to the SMSGate blog! Here you'll find the latest news, updates, and tech
 ## Categories
 
 - [**API**](/blog/category/api/): Technical documentation and integration guides for RESTful API endpoints
+- [**Authentication**](/blog/category/authentication/): Strategies and techniques for secure user authentication and authorization
 - [**Best Practices**](/blog/category/best-practices/): Recommended approaches and optimization techniques for common scenarios
 - [**Documentation**](/blog/category/documentation/): Comprehensive reference materials and detailed platform guides
 - [**Features**](/blog/category/features/): In-depth explorations of platform capabilities and advanced functionality
 - [**IoT**](/blog/category/iot/): Use cases and implementation strategies for Internet of Things applications
+- [**Security**](/blog/category/security/): Tips and best practices for secure communication and data protection
 - [**Tutorials**](/blog/category/tutorials/): Step-by-step implementation guides for specific workflows
 
 ---
diff --git a/docs/blog/posts/2025-12-09_jwt-authentication-migration.md b/docs/blog/posts/2025-12-09_jwt-authentication-migration.md
@@ -16,6 +16,10 @@ Enter JWT (JSON Web Token) authentication—a token-based authentication mechani
 
 <!-- more -->
 
+<center>
+  <img src="/assets/blog/jwt-authentication-migration.png" alt="JWT Authentication Migration">
+</center>
+
 ## 🎯 Why JWT Authentication?
 
 ### The Basic Auth Problem
@@ -52,12 +56,12 @@ JWT authentication addresses these concerns with a modern, secure approach:
 
 A JWT token consists of three base64-encoded parts separated by dots:
 
-```
+```text
 Header.Payload.Signature
 ```
 
 **Example Token:**
-```
+```text
 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwic2NvcGVzIjpbIm1lc3NhZ2VzOnNlbmQiXSwiZXhwIjoxNzMzNzg1MjAwfQ.signature_here
 ```
 
@@ -175,9 +179,10 @@ To generate a JWT token, make a POST request to the token endpoint using your ex
 **Response:**
 ```json
 {
-  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
+  "id": "nHDAWaPS6zv3itRUpM9ko",
   "token_type": "Bearer",
-  "expires_at": "2025-12-09T15:30:00Z"
+  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
+  "expires_at": "2025-12-10T03:03:09Z"
 }
 ```
 
@@ -471,7 +476,7 @@ admin_token = get_token(scopes=["all:any"])
 Revoke tokens when no longer needed:
 
 ```python
-def revoke_token(token):
+def revoke_token(token, jti):
     """Revoke a JWT token"""
     response = requests.delete(
         f"https://api.sms-gate.app/3rdparty/v1/auth/token/{jti}",
@@ -584,34 +589,34 @@ else:
 Use this checklist for a smooth transition:
 
 - [ ] **Week 1: Preparation**
-  - [ ] Review JWT documentation
-  - [ ] Test token generation in development
-  - [ ] Identify all services using Basic Auth
-  - [ ] Plan scope requirements per service
+    - [ ] Review JWT documentation
+    - [ ] Test token generation in development
+    - [ ] Identify all services using Basic Auth
+    - [ ] Plan scope requirements per service
 
 - [ ] **Week 2: Implementation**
-  - [ ] Implement token management class
-  - [ ] Add JWT support to existing clients
-  - [ ] Create dual-auth fallback mechanism
-  - [ ] Set up monitoring for auth errors
+    - [ ] Implement token management class
+    - [ ] Add JWT support to existing clients
+    - [ ] Create dual-auth fallback mechanism
+    - [ ] Set up monitoring for auth errors
 
 - [ ] **Week 3: Testing**
-  - [ ] Test in staging environment
-  - [ ] Verify all scopes work correctly
-  - [ ] Load test JWT performance
-  - [ ] Document token refresh flows
+    - [ ] Test in staging environment
+    - [ ] Verify all scopes work correctly
+    - [ ] Load test JWT performance
+    - [ ] Document token refresh flows
 
 - [ ] **Week 4: Deployment**
-  - [ ] Deploy JWT support to production
-  - [ ] Monitor error rates
-  - [ ] Gradually shift traffic to JWT
-  - [ ] Keep Basic Auth as fallback
+    - [ ] Deploy JWT support to production
+    - [ ] Monitor error rates
+    - [ ] Gradually shift traffic to JWT
+    - [ ] Keep Basic Auth as fallback
 
 - [ ] **Week 5+: Cleanup**
-  - [ ] Verify 100% JWT usage
-  - [ ] Remove Basic Auth code
-  - [ ] Update all documentation
-  - [ ] Archive Basic Auth credentials
+    - [ ] Verify 100% JWT usage
+    - [ ] Remove Basic Auth code
+    - [ ] Update all documentation
+    - [ ] Archive Basic Auth credentials
 
 ## 🎉 Conclusion
 
