single point of entry
Single sign-on means that you can log in to a system in a multiple system application and you will be authorized in other systems without having to log in again. In the process of authorization, it is necessary to use JWT to transmit secure and reliable information between the user and the server.
What is JWT
The Json Web Token is a very lightweight specification for delivering secure and reliable information between users and servers.
Applicable Scenarios
JWT is suitable for passing some insensitive information to a Web application, such as adding friends, placing orders, and so on. However, for example, payment orders are best not to use JWT.
composition
A JWT is actually a string, including the head, load, and signature. Head
The head describes the most basic information about JWT, such as its type and the algorithm used to sign it. This can also be represented as a JSON object.
{
"Typ": "JWT",
"ALG": "HS256"
}
Load
The payload has a fixed five fields, respectively
1.iss: The issuer of the JWT
2.sub: The user the JWT is targeting
3.aud: The party receiving the JWT
4.EXP (expires): When expires, here is a UNIX timestamp
5.at (issued at): When was it issued?
Both the head and the payload use the Base64 encoding to encode the above information into a string.
Signature
The above two encoded strings are used. Connected, then encrypted with the HS256 algorithm, then spliced to the signed string, the complete JWT is obtained.
The signature is used to know if the information has been tampered with, and the signature of the tampered information is generated repeatedly, and the user can determine whether the information has been moved by someone else only if it is consistent with the signature.