jwt auth
Most web apps use security measures to make sure user data stays private. Authentication is a key part of security and JSON Web Tokens (JWT) are a great way to implement authentication.
大多数Web应用程序都使用安全措施来确保用户数据保持私密性。 身份验证是安全性的关键部分,JSON Web令牌(JWT)是实现身份验证的好方法。
那么什么是JSON Web令牌? (So what are JSON Web Tokens?)
JWT is a standard that defines a compact and self-contained way to securely transmit information between a client and a server as a JSON object. The compact size makes the tokens easy to transfer through an URL, POST parameter, or inside an HTTP header. Also, since they are self-contained they include all the necessary information about a user so the database does not need to be queried more than once.
JWT是一种标准,它定义了一种紧凑且独立的方法,以在客户端和服务器之间安全地将信息作为JSON对象传输。 紧凑的大小使令牌易于通过URL,POST参数或HTTP头内部进行传输。 而且,由于它们是独立的,因此它们包含有关用户的所有必要信息,因此无需多次查询数据库。
The information in a JWT can be trusted because it is digitally signed using a secret or public/private key pair.
JWT中的信息是可信任的,因为它是使用秘密或公用/专用密钥对进行数字签名的。
认证方式 (Authentication)
JWT are mainly used for authentication. After a user logs in to an application, the application will create a JWT and send it back to the user. Subsequent requests by the user will include the JWT. The token tells the server what routes, services, and resources the user is allowed to access. JWT can be easily used across multiple domains so they are often used for Single Sign On.
JWT主要用于身份验证。 用户登录到应用程序后,该应用程序将创建一个JWT并将其发送回用户。 用户的后续请求将包括JWT。 令牌告诉服务器允许用户访问哪些路由,服务和资源。 JWT可以轻松地在多个域中使用,因此它们通常用于单一登录。
使用JSON Web令牌 (Using JSON Web Tokens)
Thomas Weibenfalk made an excellent video tutorial that explains JSON Web Tokens and demonstrates how to use them for authentication. The tutorial teaches JWT Auth as simply as possible, without using a lot of extra libraries.
Thomas Weibenfalk制作了出色的视频教程,解释了JSON Web令牌并演示了如何使用它们进行身份验证。 本教程尽可能简单地讲授JWT Auth,而无需使用很多额外的库。
Watch the tutorial below or on the freeCodeCamp.org YouTube channel (2 hour watch).
观看下面的教程或在freeCodeCamp.org YouTube频道上 (观看2小时)。
翻译自: https://www.freecodecamp.org/news/what-are-json-web-tokens-jwt-auth-tutorial/
jwt auth