JWT brief description

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, self-contained way to securely transmit information between parties as a JSON object. The transmitted content is signed with an algorithm and a key, so the recipient can verify that the information is trustworthy. A JWT can be signed with a secret (using the symmetric HMAC algorithm) or with a public/private key pair (using the asymmetric RSA or ECDSA algorithms).

JWT use

JWT is mainly used in two scenarios: authentication (Authorization) and the secure transmission of information.

JWT structure

JWT is divided into three parts:

  • Header
  • Payload
  • Signature

A JWT has the form Header.Payload.Signature. The three parts are Base64Url-encoded, not encrypted, which means anyone can read a JWT simply by Base64Url-decoding it! (Encrypted content is discussed later.)

A description of each of the three parts and what it contains:

Header

This part holds the algorithm used for the token (alg: algorithm, commonly HMAC SHA256 or RSA) and the token type (typ: token type; for a JWT this is always "typ":"JWT"). Before encoding it looks like this:

{
    "alg": "HS256",
    "typ": "JWT"
}

Payload

This part carries the token's claims. It may contain registered claims, public claims and private claims, and offers plenty of room for customization.

The officially defined claim names that are recommended (registered claims):

  • "iss" (Issuer) Claim
  • "sub" (Subject) Claim
  • "aud" (Audience) Claim
  • "exp" (Expiration Time) Claim
  • "nbf" (Not Before) Claim
  • "iat" (Issued At) Claim
  • "jti" (JWT ID) Claim

Official examples:

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}

Public and private claims are user-defined. Take care not to conflict with the official claim names, keep the number of claims as small as possible, and do not expose private data in them.

A JWT is fairly long. If it is stored in a cookie it may exceed the 4k cookie size limit, which is another reason to keep the claims to a minimum.

Signature

Using the algorithm declared in the Header and a key (secret or private key), the Base64Url-encoded Header and Payload are joined with a dot (.) and signed; the result is the signature. The signature is what lets the recipient verify that the JWT's information has not been tampered with.

Finally, the three parts are joined together with dots into a single string, which ends up being quite long.
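To make the three-part structure concrete, here is an added example (not code from the original post) that builds and verifies an HS256 token with only the Python standard library. It reproduces the steps above: Base64Url-encode the Header and Payload JSON, join them with a dot, sign that string with HMAC-SHA256, and append the Base64Url-encoded signature. It also shows the two security-relevant points the text makes: the payload can be read by anyone without the key, and a tampered payload fails signature verification. The secret key and the sample payload are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example secret; a real deployment loads this from a secret store.
SECRET = b"example-secret-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    """Base64Url encoding without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build Header.Payload.Signature exactly as the article describes."""
    header_part = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_part = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_part}.{payload_part}.{b64url_encode(signature)}"


def read_payload_unverified(token: str) -> dict:
    """Anyone can do this: the payload is only encoded, not encrypted."""
    _, payload_part, _ = token.split(".")
    return json.loads(b64url_decode(payload_part))


def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Return the payload only if the signature is valid and the token has not
    expired; raise ValueError otherwise. `now` is a Unix timestamp (int) and
    defaults to the current time."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated parts")
    header_part, payload_part, sig_part = parts
    header = json.loads(b64url_decode(header_part))
    # Only accept the algorithm this verifier was configured for, rather than
    # trusting whatever the token's own header says.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak anything about the signature.
    if not hmac.compare_digest(expected, b64url_decode(sig_part)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_part))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


def is_valid(token: str, key: bytes, now=None) -> bool:
    """Boolean convenience wrapper around verify_hs256."""
    try:
        verify_hs256(token, key, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    header = {"alg": "HS256", "typ": "JWT"}
    # Constructed payload based on the article's example, plus an exp claim.
    payload = {"sub": "1234567890", "name": "John Doe", "admin": True, "exp": 2000000000}
    token = sign_hs256(header, payload, SECRET)
    print("token:", token)
    print("payload readable without key:", read_payload_unverified(token))
    print("verifies with correct key:", is_valid(token, SECRET, now=1700000000))
    print("verifies with wrong key:", is_valid(token, b"wrong-key", now=1700000000))
```

Note that `read_payload_unverified` is only for illustration of the "anyone can read it" point; an application should only trust claims returned by `verify_hs256`.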

Coming up next

This article mainly serves to introduce JWT, which the following articles use as the token store for Spring Security OAuth2.


Source: www.cnblogs.com/hellxz/p/12041701.html