Login Verification-JWT Token-Introduction

JWT

Abbreviation

  • Full name: JSON Web Token (JWT) (JSON Web Tokens - jwt.io)
  • Defines a compact, self-contained format for securely transmitting information as JSON between communicating parties. The information can be trusted because it is digitally signed.

Composition

  • Header: The header of a JWT usually consists of two parts: the type of token (i.e. JWT) and the signature algorithm used (such as HMAC SHA256 or RSA). The header is Base64 encoded, but not encrypted. For example: {"alg":"HS256", "typ":"JWT"}

    • Base64 encoding represents binary data using 64 printable characters (A-Z, a-z, 0-9, +, /). JWT uses the URL-safe variant (Base64url), which replaces + and / with - and _ and omits the = padding.

  • Payload: The payload is the second part of the JWT and contains claims that describe information about the user and other data. The payload can contain predefined claims (such as iss (issuer), exp (expiration time), etc.) and custom claims. The payload is also Base64 encoded, but not encrypted. Because it is only encoded, anyone who holds the token can read it, so it should not carry secrets such as passwords.

  • Signature: The signature is the third part of the JWT and is used to verify the integrity and authenticity of the JWT. It is computed over the encoded header and payload using a key and the signature algorithm named in the header. After receiving the JWT, the server uses the same key and signature algorithm to verify the signature and ensure that the JWT has not been tampered with.

Specific example

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
```

In this example, the JWT token consists of three parts, separated by dots (.):

1. Header: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9`, which contains the signature algorithm used ("alg") and the type of token ("typ").

2. Payload: `eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ`, which contains some claims, such as user ID, username, and token issuance time.

3. Signature: `SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c`, which is generated from the header, the payload, the secret key and the signature algorithm, and is used to verify the authenticity of the token.

JWT tokens are commonly used for authentication and authorization, allowing secure data transfer between clients and servers.

Usage scenarios

  • Login authentication
    • The browser sends a login request to the login interface. If the login succeeds, the server generates a JWT token (token generation) and returns it to the front end, which stores it. The front end then carries the JWT token to the server in every subsequent request, and the server intercepts each request in one place and checks the token (token verification).
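
The token generation and token verification steps of this login flow, as an added example that is not code from the original article. It assumes HS256 with a server-side key; SECRET, issue_token and verify_token are hypothetical names chosen for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HMAC key known only to the server

def b64url_encode(raw):
    # JWT uses URL-safe Base64 ('-' and '_') with the '=' padding stripped
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())

def issue_token(claims, key=SECRET):
    """Login succeeded: return header.payload.signature for the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + _sign(signing_input, key)

def verify_token(token, key=SECRET, now=None):
    """Per-request check: return the claims, or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        expected = _sign(head_b64 + "." + body_b64, key)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; a token must not choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected.encode(), sig_b64.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the MAC checks out
    exp = claims.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims
```

A payload edited after issuance fails with "bad signature" because the HMAC is recomputed over the exact header and payload strings received.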

Origin blog.csdn.net/weixin_64939936/article/details/132503290