Authentication methods
About authentication:
https://www.cnblogs.com/badboyh2o/p/11068779.html
https://www.cnblogs.com/badboyh2o/p/11069470.html
Token Authentication
- Use: generally used for login; the token contains authorization information.
- How it works: every request carries the token; the server uses the token to decide whether the request is legitimate.
- Disadvantage: if a message is hijacked in transit, the token is leaked, and for as long as the token remains valid the attacker can construct arbitrary requests.
AK/SK Authentication
- Use: generally used to authenticate server-to-server API calls made in the background; the AK (access key) identifies the user, and the SK (secret key) serves as the symmetric secret key for encrypted communication.
- How it works:
  Client:
  1. Construct the HTTP request (including the access key);
  2. Compute a signature over the request content using the secret key;
  3. Send the request to the server.
  Server:
  1. Look up the transmitted access key in the database to obtain the corresponding secret key;
  2. Compute a signature over the request content with that secret key, using the same algorithm as in client step 2;
  3. Compare the signature sent by the user with the signature computed by the server; if the two match, authentication succeeds, otherwise it fails.
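
The client and server steps above as a runnable sketch, added here as an illustration and not taken from the original post. It assumes HMAC-SHA256 as the signature algorithm and a method/path/body-hash layout for the signed content (the post names neither); the access key, secret key, SECRET_KEYS store and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample credential store standing in for the server's database.
SECRET_KEYS = {"AKEXAMPLE0001": b"constructed-secret-key-for-demo"}


def canonical_string(method: str, path: str, body: bytes) -> bytes:
    """Content that both sides sign (assumed layout: method, path, body hash)."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash]).encode()


def sign(secret_key: bytes, method: str, path: str, body: bytes) -> str:
    """Client step 2 and server step 2: HMAC-SHA256 over the request content."""
    return hmac.new(secret_key, canonical_string(method, path, body),
                    hashlib.sha256).hexdigest()


def build_request(access_key, secret_key, method, path, body):
    """Client: the request carries the AK and the signature, never the SK."""
    return {"method": method, "path": path, "body": body,
            "access_key": access_key,
            "signature": sign(secret_key, method, path, body)}


def verify_request(request: dict) -> bool:
    """Server: look up the SK by AK, recompute, compare in constant time."""
    secret_key = SECRET_KEYS.get(request.get("access_key"))
    if secret_key is None:
        return False  # unknown access key
    expected = sign(secret_key, request["method"], request["path"],
                    request["body"])
    return hmac.compare_digest(expected, request.get("signature", ""))


if __name__ == "__main__":
    req = build_request("AKEXAMPLE0001", SECRET_KEYS["AKEXAMPLE0001"],
                        "POST", "/v1/jobs", b'{"action":"start"}')
    print("genuine request:", verify_request(req))
    tampered = dict(req, body=b'{"action":"delete"}')
    print("modified body:  ", verify_request(tampered))
```

Because the signature covers the request content, a captured request cannot be altered into a different one without the secret key, which is the contrast with the leaked-token case described under Token Authentication.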