一、JWT
Header(头部)+ Payload(负载)+ Signature(签名) == JWT # Header is a json { "alg": "HS256", "typ": "JWT" } # Payload is a json { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 } another key which defined offically iss (issuer):签发人 exp (expiration time):过期时间 sub (subject):主题 aud (audience):受众 nbf (Not Before):生效时间 iat (Issued At):签发时间 jti (JWT ID):编号
二、Django + JWT
#settings.py REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', ], "DEFAULT_PERMISSION_CLASSES": [ 'rest_framework.permissions.IsAuthenticated', ], } JWT_AUTH = { 'JWT_SECRET_KEY': settings.SECRET_KEY, 'JWT_EXPIRATION_DELTA': datetime.timedelta(minutes=1), } #urls.py from rest_framework_jwt.views import obtain_jwt_token urlpatterns = [ path('admin/', admin.site.urls), path('example/', obtain_jwt_token), ] #这必须是USER数据库中存在的用户和密码
JWT & django (上)
最新推荐文章于 2023-10-16 16:45:28 发布