> ## Documentation Index
> Fetch the complete documentation index at: https://trustos.telefonicatech.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication Workflow

The identity inside TrustOS is represented by a `DID` (Decentralized Identifier) which is a unique identifier for the identity. The DID is a string that starts with `did:user:` followed by a UUID. The DID is used to identify the identity in the TrustOS system.

To perform any operation on TrustOS, the user must be authenticated. This authentication is achieved by using a issued TrustOS JWT (JSON Web Token). Any request to TrustOS must include this token in the `Authorization` header, otherwise the request will be rejected.

This JWT will contain the following claims:

* `user`: The DID of the user.
* `qualified`: A boolean that indicates if the user is authorized to perform qualified signatures.
* `iss`: The issuer of the token.
* `iat`: The time the token was issued.
* `exp`: The expiration time of the token.
* `env`: The environment where the token was issued.
