Single sign-on with JWT

Login

    Single sign-on means that once you log in to one system of a multi-system application, you are authorized in the other systems without logging in again. During authorization, a JWT is used to transmit secure and reliable information between the user and the server.


What is JWT

     JSON Web Token (JWT) is a very lightweight specification for transmitting secure and reliable information between users and servers.


Applicable scenarios

     JWT is suitable for passing non-sensitive information to web applications, for operations such as adding friends or placing orders. Operations such as paying for an order are best not handled with JWT alone.


Composition

    A JWT is actually a string made up of three parts: the header, the payload and the signature.

Header

   The header describes the most basic information about the JWT, such as its type and the algorithm used for the signature. It is represented as a JSON object:

{
  "typ": "JWT",
  "alg": "HS256"
}

Payload

    The payload has five fixed fields:

    1. iss: the issuer of the JWT
    2. sub: the user the JWT is about (its subject)
    3. aud: the party that receives the JWT
    4. exp (expires): when it expires, as a Unix timestamp
    5. iat (issued at): when it was issued

   Both the header and the payload are base64-encoded, turning each JSON object into a string.


Signature

    Concatenate the two encoded strings with a ., sign the result with the HS256 algorithm, and append the signature after another . to obtain the complete JWT.

    The purpose of the signature is to detect whether the information has been tampered with. Tampered information produces a different signature, so the receiver only needs to recompute the signature and check that it matches the one in the token to know whether the content has been altered by others.
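The construction and check described above, as an added example that is not part of the original article: it builds an HS256 JWT by hand with the spec's unpadded base64url encoding, then shows that a payload modified after signing, an expired token and a wrong key are all rejected. The secret key and the claim values are constructed for illustration.

```python
# Added example, not from the original article: hand-rolled HS256 JWT issue/verify
# that rejects a tampered payload and an expired token. Key and claims are constructed.
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-key"  # shared by the SSO server and the relying system

def b64url(data: bytes) -> str:
    # JWT uses unpadded base64url, not plain base64
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_json(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def make_jwt(payload: dict, key: bytes = SECRET) -> str:
    # "header.payload" is the signing input; the HMAC over it becomes the third part
    signing_input = encode_json({"typ": "JWT", "alg": "HS256"}) + "." + encode_json(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jwt(token: str, key: bytes = SECRET, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if signature and expiry check out, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
            return None
        payload = json.loads(b64url_decode(payload_b64))
        current = now if now is not None else int(time.time())
        if "exp" in payload and current >= payload["exp"]:
            return None
        return payload
    except (ValueError, AttributeError, TypeError):
        return None

def tamper_demo(now: int = 1_700_000_100) -> tuple:
    claims = {"iss": "sso.example", "sub": "alice", "aud": "app-b", "exp": 1_700_003_600, "iat": 1_700_000_000}
    token = make_jwt(claims)
    header_b64, payload_b64, sig_b64 = token.split(".")
    forged = json.loads(b64url_decode(payload_b64))
    forged["sub"] = "admin"  # change the subject but keep the original signature
    forged_token = f"{header_b64}.{encode_json(forged)}.{sig_b64}"
    return verify_jwt(token, now=now), verify_jwt(forged_token, now=now), verify_jwt(token, now=1_700_003_600)
```

`tamper_demo()` returns the accepted claims for the genuine token, then `None` for the forged token and `None` for the same token once its `exp` has passed.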


Origin http://43.154.161.224:23101/article/api/json?id=324756270&siteId=291194637