Actual combat simulation │ JWT login authentication
2022-07-05 12:58:00 【51CTO】
Token authentication process

As the most popular cross-domain authentication solution, JWT (JSON Web Token) is loved by developers. The main process is as follows:

- The client sends an account and password to request login
- The server receives the request and verifies whether the account and password are correct
- After successful verification, the server generates a unique token and returns it to the client
- The client receives the token and stores it in a cookie or in localStorage
- After that, every time the client sends a request to the server, it carries the token in a cookie or in a header
- The server validates the token, and the response data is returned only after the token passes
Token authentication benefits

- Supports cross-domain access: cookies are not allowed across domains, but token authentication has no such restriction, provided that the user authentication information is transmitted in the HTTP header
- Stateless: the token mechanism does not need to store session information on the server, because the token itself contains the information of the logged-in user; only the client keeps state, in a cookie or in local storage
- More widely applicable: any client that supports the HTTP protocol can use token authentication
- No need to consider CSRF: because it no longer relies on cookies, token authentication does not suffer from CSRF, so there is no need to consider CSRF defense
JWT structure

A JWT is actually a string consisting of three parts: header, payload and signature, separated by dots (.). Note that there are no line breaks inside a JWT.

- Header: the header is made up of two parts: the token type (JWT) and the name of the signing algorithm, such as HMAC SHA256 or RSA
- Payload: the payload is also a JSON object, used to store the data that needs to be transferred. JWT specifies seven default fields to choose from. In addition to the default fields, you can add any field you want; generally, after the user logs in successfully, the user information is stored here
- Signature: the signature is computed over the two parts above, the header and the payload. To ensure that the data is not tampered with, you need to specify a key; this key is usually known only to you and is stored on the server. The signature is generated from the encoded header, the encoded payload and this key.
JWT basic use

- After the client receives the JWT, it can be stored in a cookie or in localStorage
- Then, every time the client communicates with the server, it carries this JWT
- If the JWT is saved in a cookie and sent with the request, it cannot be used across domains
- It is better to put it in the Authorization field of the HTTP request header
Actual combat: using JWT for login authentication

Here ThinkPHP6 is used to integrate JWT login authentication for the simulation:

- Install the JWT extension
- Wrap the JWT generation and decoding (decryption) methods
- After the user logs in, generate the JWT identifier
- Middleware verifies whether the user is logged in
- Register the middleware in middleware.php
- After registering the middleware, complete the verification logic in the permission verification middleware
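The following is an added example that is not the original post's code and not the ThinkPHP JWT extension: plain PHP that covers both the JWT structure section (building header.payload.signature with HMAC-SHA256) and the steps above (issue a token after login, verify it in a middleware that reads the Authorization header). The function names (`base64url_encode`, `jwt_issue`, `jwt_verify`, `login`, `auth_middleware`), the secret and the user table are all constructed for the example.

```php
<?php
declare(strict_types=1);
// Added example, not the original post's code and not the ThinkPHP JWT extension.
// Plain-PHP HS256 JWT issue/verify plus a middleware-style check of the
// Authorization header. The secret, user table and claim values are constructed.

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data)
{
    $pad = strlen($data) % 4;
    if ($pad !== 0) {
        $data .= str_repeat('=', 4 - $pad);
    }
    return base64_decode(strtr($data, '-_', '+/'), true); // false on bad input
}

// Issue header.payload.signature, signature = HMAC-SHA256(secret, header "." payload)
function jwt_issue(array $claims, string $secret): string
{
    $header  = base64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = base64url_encode(json_encode($claims));
    $sig     = base64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Verify a token; returns the claims on success, null on any failure.
// Checks: exactly three parts, alg pinned to HS256 (the header's alg value is
// never trusted to pick the algorithm), constant-time signature comparison,
// and exp not yet passed.
function jwt_verify(string $token, string $secret, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) base64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $given    = base64url_decode($s);
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) {
        return null;
    }
    $claims = json_decode((string) base64url_decode($p), true);
    if (!is_array($claims)) {
        return null;
    }
    if (isset($claims['exp']) && $now >= (int) $claims['exp']) {
        return null;
    }
    return $claims;
}

// Login step: check the password against a stored hash, then issue a short-lived token.
function login(array $users, string $name, string $password, string $secret, int $now): ?string
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return null;
    }
    // Only non-sensitive identifiers go in the payload: it is base64url-encoded, not encrypted.
    return jwt_issue(['sub' => $name, 'iat' => $now, 'exp' => $now + 3600], $secret);
}

// Middleware step: require "Authorization: Bearer <jwt>" and reject anything that fails.
function auth_middleware(array $headers, string $secret, int $now): array
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer\s+([A-Za-z0-9_.-]+)$/', $auth, $m)) {
        return ['status' => 401, 'body' => 'missing bearer token'];
    }
    $claims = jwt_verify($m[1], $secret, $now);
    if ($claims === null) {
        return ['status' => 401, 'body' => 'invalid or expired token'];
    }
    return ['status' => 200, 'user' => $claims['sub'] ?? null];
}

// Walk-through with constructed values
$secret = 'constructed-server-secret-change-me';
$users  = ['alice' => password_hash('correct-horse', PASSWORD_DEFAULT)];
$now    = time();

$token = login($users, 'alice', 'correct-horse', $secret, $now);
var_dump(auth_middleware(['Authorization' => "Bearer $token"], $secret, $now));

// Tampered payload: change one character after the first dot, signature no longer matches
$tampered = substr_replace($token, 'x', strpos($token, '.') + 1, 1);
var_dump(auth_middleware(['Authorization' => "Bearer $tampered"], $secret, $now));

// Expired: the same token checked an hour later
var_dump(auth_middleware(['Authorization' => "Bearer $token"], $secret, $now + 3601));
```

Three points in the verifier matter in practice: the algorithm is pinned to HS256 rather than read from the header, the signature is compared with `hash_equals` so timing differences do not leak anything, and `exp` is enforced so a stolen token stops working on its own. The payload is only base64url-encoded, so anyone holding the token can read it; keep passwords and other secrets out of it. The "no CSRF" benefit above holds only when the token travels in the Authorization header as shown here; a token stored in a cookie is sent automatically by the browser like any other cookie.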