Introduction
JWT:
- JSON Web Token (JWT) is a specification
- It consists of three parts:
- Header
- Payload
- Signature
- The three parts are joined with "."
- Token: Header + "." + Payload + "." + Signature
Header
The header indicates the algorithm used for signing:
{
	"typ": "JWT",
	"alg": "HS256"
}
This JSON is typically Base64-encoded before being concatenated into the token.
Payload
The payload stores information about the token, and it should contain claims.
claims
type StandardClaims struct {
	Audience  string `json:"aud,omitempty"`
	ExpiresAt int64  `json:"exp,omitempty"`
	Id        string `json:"jti,omitempty"`
	IssuedAt  int64  `json:"iat,omitempty"`
	Issuer    string `json:"iss,omitempty"`
	NotBefore int64  `json:"nbf,omitempty"`
	Subject   string `json:"sub,omitempty"`
}
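1. aud identifies the recipient of the token.
2. exp is the expiration time. It is usually compared against Unix UTC time; once it has passed, the token is invalid.
3. jti is a custom ID.
4. iat is the time the token was issued.
5. iss is the issuer of the token.
6. nbf is the time at which the token takes effect. This value may be left unset, but if it is set it must be greater than the current Unix UTC time, otherwise the token will take effect with a delay.
7. sub is the user the token is intended for.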
If exp and iat are defined, jwt.Parse() automatically checks whether the token has expired when it is called later.
The payload is likewise generally Base64-encoded before being concatenated into the token.
Signature
The signature is computed by applying the algorithm named in the Header to the Header and Payload JSON data, typically together with a user-defined private key.
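The Header.Payload.Signature construction and the exp check described above, written with only the Go standard library. This is an added example, not code from the original post or from jwt-go; the function names sign and verify, the key and the claim values are constructed for illustration. It goes slightly beyond the text by pinning alg to HS256 and comparing signatures in constant time.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments use unpadded URL-safe Base64

// sign returns Header.Payload.Signature for two JSON strings, using HS256.
func sign(header, payload string, key []byte) string {
	input := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// verify returns the sub claim of an authentic, unexpired HS256 token (now is Unix seconds).
func verify(token string, key []byte, now int64) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("want 3 parts, got %d", len(p))
	}
	var hdr struct{ Alg string }
	var claims struct{ Sub string; Exp int64 }
	h, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("bad header or unexpected alg %q", hdr.Alg) // alg is pinned
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return "", fmt.Errorf("signature mismatch")
	}
	c, err := b64.DecodeString(p[1]) // claims are parsed only after the signature checks out
	if err != nil || json.Unmarshal(c, &claims) != nil || now >= claims.Exp {
		return "", fmt.Errorf("expired or invalid claims (exp=%d)", claims.Exp) // exp 0 = missing
	}
	return claims.Sub, nil
}

func main() { // constructed sample key, claims and clock value
	tok := sign(`{"typ":"JWT","alg":"HS256"}`, `{"sub":"1","exp":2000000000}`, []byte("demo-key"))
	fmt.Println(verify(tok, []byte("demo-key"), 1700000000))
}
```

In real use, pass time.Now().Unix() as now and load the key from configuration rather than hard-coding it.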
JWT package
go get github.com/dgrijalva/jwt-go
Usage
Generate a token
import (
	"time"

	"github.com/dgrijalva/jwt-go"
)

// key is the HMAC secret used to sign and verify tokens.
var key string = "key"

func GenerateToken() (string, error) {
	token := jwt.New(jwt.SigningMethodHS256)
	claims := make(jwt.MapClaims)
	claims["sub"] = 1                                     // used in the controller to identify the user
	claims["exp"] = time.Now().Add(72 * time.Hour).Unix() // expires 72 hours from now
	claims["iat"] = time.Now().Unix()                     // issue time, compared against exp
	token.Claims = claims
	tokenString, err := token.SignedString([]byte(key))
	if err != nil {
		return "", err
	}
	return tokenString, nil
}
Verify a token
This is generally used as middleware to verify that the user is legitimate.
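import (
	"fmt"

	"github.com/dgrijalva/jwt-go"
)

var key string = "key"

func AuthCheck(tokenString string) bool {
	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		// Verify that the token uses the expected signing algorithm.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return []byte(key), nil
	})
	// On a parse or validation error token may be nil, so check err first.
	if err != nil || !token.Valid {
		return false
	}
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		return false
	}
	fmt.Println(claims["sub"])
	return true
}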
Finally
The generated token looks like this:
eyJfasghabgdsgI1NiIsInRfasfaVCJ9.eyJleHAiOjE1NDA2MDgyODgsdasaI6IllEUgasgasdaiwiYWRtaW4iOnRydWV9.8wE-_Wx-DHIqweXJ9KT5JOdasCEaUNEIGDy9CUbM