Minecraft genuine login (getting the 32-character token)

For the convenience of its own services, Mojang's authentication server now issues the accessToken as a JWT.

What is JWT?

JWT stands for JSON Web Token.

Origin

To explain JWT, we should first contrast token-based authentication with traditional session-based authentication.

Traditional session-based authentication

HTTP is a stateless protocol. If a user sends a username and password to our application to authenticate, then on the next request the user would have to authenticate all over again, because HTTP alone gives the server no way to know which user sent a request. To let the application recognize the user, the server keeps a record of the login on its side and hands the browser an identifier for that record in the response, telling it to store the identifier as a cookie. On the next request the browser sends the cookie back, the application looks up the record, and it knows which user the request came from. This is traditional session-based authentication. The drawback is that it makes the application hard to scale: as the number of users and client types grows, a single server can no longer carry them all, and that is when the problems of session-based authentication show up.

Problems with session-based authentication

Session storage: after every user authenticates, the application has to keep a record on the server so that it can recognize that user's next request. Sessions are usually held in memory, so the server's cost grows noticeably with the number of authenticated users.

Scalability: because the authentication record lives on the server that performed the login, and typically in that server's memory, the user's next request has to reach the same server to obtain the authorized resource. In a distributed deployment this constrains what the load balancer can do, and therefore how far the application can scale.

CSRF: because the user is identified by a cookie that the browser attaches automatically to every request to that site, a page on another origin can cause the browser to send authenticated requests on the user's behalf. Without explicit protection (anti-CSRF tokens, SameSite cookies), the application is exposed to cross-site request forgery.

The token-based authentication mechanism

Token-based authentication is stateless, like HTTP itself: the server does not have to keep the user's authentication or session information. An application built on it therefore does not care which server the user logged in on, which makes it easy to scale out. The flow is as follows. The user sends a username and password to the server; the server authenticates the user and issues a token; the client stores that token; and on every subsequent request the client sends the token along (typically in a request header) and the server validates the token before returning data. Because the token usually has to reach an API on a different origin, the server must also support CORS (cross-origin resource sharing); a common, if permissive, setting is Access-Control-Allow-Origin: *. With that background, we return to JWT.

What does a JWT look like?

A JWT is made up of three pieces of information, each Base64url-encoded and joined with a dot (.) into a single string: a header, a payload, and a signature. It looks like this:

eyJhbGcioiJIUzl1Ni9.eyJzdWioil4YzU3ZTViOGQ2YjOxMDNIODUOZGE3Y2JhM2EOMWFjZilsIm5iZil6MTU3MTI40TkzMCwieWdndCl6ljdkMDk3YTk2ZTlyoDRkMDhhZjQoMzY4NDkzMDQOODMSliwiC3ByljoiZmRIZTQ3YWJmYmZINDAXMmlyODAyMzQ1MTQ3NDY3MWQiLC.8OCzli-E8F-hq2pnUtfWTK2aAigjRJgIxil7s1lHfkk

Splitting the string on the dots gives three segments. Base64url-decoding the first two (the third is the signature, which is not JSON) yields the following:

{
  "alg":"HS256"
}
{
 "sub":"8c57e5b8d6b4103e854da7cba3a41acf",
 "nbf":1571289930,
 "yggt":"7d097a96e2284d08af44368493044839",
 "spr":"fdee47abfbfe4012b28023451474671d",
 "roles":[],
 "iss":"internal-authentication",
 "exp":1571462730,
 "iat":1571289930
}

The wiki documenting Mojang's authentication API states that the token we want can be read from the accessToken: it is the yggt claim in the payload.

So the token is 7d097a96e2284d08af44368493044839 (the 32-character hexadecimal value of yggt). Note that the client can only decode the payload; it cannot verify the HS256 signature, because the signing key is held by Mojang's server, so the accessToken is still the value to send to Mojang and yggt is merely extracted from it.
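The following is an added example, not code from the original post, showing the two things described above in working Python: splitting a JWT into its three segments and Base64url-decoding them to read the yggt claim (which is decoding only, not verification), and, for contrast, what actual HS256 verification of such a token looks like when the signing key is known. Because Mojang's signing key is not public, the block builds its own token with the same claim shape as the one decoded on this page, signed with a throwaway key (DEMO_KEY and the signed demo token are constructed here and are assumptions, not Mojang values).

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Decode one Base64url JWT segment. JWT strips the '=' padding, so restore it first."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    """Base64url-encode without '=' padding, the way JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_jwt(token: str):
    """Return (header, payload, signature_bytes). This decodes; it verifies nothing."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT must have exactly three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def yggt_from_access_token(token: str) -> str:
    """Extract the 32-character yggt claim from a Mojang-style accessToken payload."""
    _, payload, _ = split_jwt(token)
    yggt = payload["yggt"]
    if len(yggt) != 32 or any(c not in "0123456789abcdef" for c in yggt):
        raise ValueError("yggt is not a 32-character hex string")
    return yggt


def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Verify an HS256 JWT: check alg, recompute the HMAC over 'header.payload', then exp/nbf."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never trust the token to pick its own algorithm ("none", RS->HS confusion)
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if now >= payload.get("exp", 0):
        raise ValueError("token expired")
    if now < payload.get("nbf", 0):
        raise ValueError("token not yet valid")
    return payload


# Constructed demo data (assumption): same claims as the decoded payload on this page,
# but signed locally with a throwaway key so the example runs offline.
DEMO_KEY = b"not-mojang-secret-just-for-the-demo"
DEMO_PAYLOAD = {
    "sub": "8c57e5b8d6b4103e854da7cba3a41acf",
    "nbf": 1571289930,
    "yggt": "7d097a96e2284d08af44368493044839",
    "spr": "fdee47abfbfe4012b28023451474671d",
    "roles": [],
    "iss": "internal-authentication",
    "exp": 1571462730,
    "iat": 1571289930,
}


def make_demo_token(key: bytes = DEMO_KEY, payload: dict = DEMO_PAYLOAD) -> str:
    """Build a compact HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


if __name__ == "__main__":
    token = make_demo_token()
    print("yggt:", yggt_from_access_token(token))          # decoding only
    print("verified claims:", verify_hs256(token, DEMO_KEY, now=1571300000))
```

The point of the two functions side by side: yggt_from_access_token will happily return a value from a token whose signature is garbage, which is exactly the situation a launcher is in with a real Mojang accessToken (it cannot know the key). Only the server holding the key can run the verify_hs256 path, so a client should treat the decoded claims as informational and keep sending the full accessToken.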


Origin blog.csdn.net/BaiBao132/article/details/104761145