jwt::decode
JSON Web令牌(JWT) (JSON Web Token (JWT))
A JWT Is an open standard that defines a compact and self-contained way for performing Authentication in REST APIs where information is securely transmitted between both parties as a JSON object.
JWT是一种开放标准 ,它定义了一种紧凑且自包含的方式,用于在REST API中执行身份验证,在REST API中 ,信息在双方之间作为JSON对象安全地传输。
This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA.
由于此信息是经过数字签名的,因此可以被验证和信任 。 可以使用秘密 (使用HMAC算法 )或使用RSA的公/私钥对对 JWT进行签名 。
NOTE 1: We consider it compact because of its size, it’s possible to send it through an URL, POST parameter, or inside an HTTP header. Also due to its size its transmission is fast.NOTE 2: We consider it self-contained because we do not need to query the database more than once, the payload contains all the necessary information about the user.
注意1 :由于它的大小,我们认为它是紧凑的,可以通过URL,POST参数或HTTP标头发送它。 同样由于其尺寸,其传输速度很快。 注2 :我们认为它是独立的,因为我们不需要查询数据库一次以上,有效负载包含有关用户的所有必要信息。
什么时候使用JWT? (When to use JWT?)
Authentication: After the user is signed in, each subsequent request includes the JWT. This allows the user to access routes, services, and resources that require that token.
身份验证 :用户登录后,每个后续请求都包含JWT。 这允许用户访问需要该令牌的路由,服务和资源。
Information Exchange: JWTs are a secure way of transmitting information between parties, because you can be sure that the sender is who they say they are, since they can be signed (possibly by using a public/private key pair). You can also verify that the content hasn’t changed, since the signature is created using the header and the payload.
信息交换 :JWT是在各方之间传输信息的一种安全方式,因为您可以确定发送者是他们所说的人,因为可以对其进行签名(可能使用公钥/私钥对)。 您还可以验证内容没有更改,因为签名是使用标头和有效负载创建的。
JWT结构 (JWT Structure)
A JWT is formed by three parts separated by dots (.): a Header, a Payload, and a Signature
最低0.47元/天 解锁文章
2251
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
