Single sign-on jwt__ Project combat

single point of entry

Single sign-on means that you can log in to a system in a multiple system application and you will be authorized in other systems without having to log in again. In the process of authorization, it is necessary to use JWT to transmit secure and reliable information between the user and the server.

What is JWT

The Json Web Token is a very lightweight specification for delivering secure and reliable information between users and servers.
Applicable Scenarios

JWT is suitable for passing some insensitive information to a Web application, such as adding friends, placing orders, and so on. However, for example, payment orders are best not to use JWT.

composition

A JWT is actually a string, including the head, load, and signature. Head

The head describes the most basic information about JWT, such as its type and the algorithm used to sign it. This can also be represented as a JSON object.

{
  "Typ": "JWT",
  "ALG": "HS256"
}

Load

The payload has a fixed five fields, respectively

1.iss: The issuer of the JWT
2.sub: The user the JWT is targeting
3.aud: The party receiving the JWT
4.EXP (expires): When expires, here is a UNIX timestamp
5.at (issued at): When was it issued?

Both the head and the payload use the Base64 encoding to encode the above information into a string.
Signature

The above two encoded strings are used. Connected, then encrypted with the HS256 algorithm, then spliced to the signed string, the complete JWT is obtained.

The signature is used to know if the information has been tampered with, and the signature of the tampered information is generated repeatedly, and the user can determine whether the information has been moved by someone else only if it is consistent with the signature.