JWT (JSON WEB TOKEN)/Oauth2/ssl

Source: Internet
Author: User

1:JWT:

A JSON-based open standard (RFC 7519) for passing claims across a network application environment. The token is designed to be compact and secure, especially for single sign-on (SSO) scenarios in distributed sites. JWT declarations are typically used to pass authenticated user identities between identity providers and service providers, to obtain resources from a resource server, or to add additional declarative information that is necessary for other business logic, which can also be used directly for authentication or encryption.

J The wt is made up of three pieces of information, and the three pieces of information text are . linked together to form the JWT string. Just like this:

header. Playload.signature

This is the case at the time of the request:

 headers: { ‘Authorization‘: ‘Bearer ‘ + token // 注意Bearer后面有空格 }
Advantages
    • Because of the versatility of JSON, JWT can be used in many languages, such as java,javascript,nodejs,php, for cross-language support.
    • Because of the payload section, JWT can store the non-sensitive information necessary for some other business logic on its own.
    • Easy to transport, the JWT composition is very simple, the byte occupies very small, so it is very easy to transfer.
    • It doesn't need to save session information on the server, so it's easy to apply extensions
 具体的认证实现方式: 待续...

2: JWT VS Oauth:
WT是一种认证协议 
OAuth2是一种授权框架,OAuth2不是一个标准协议。它详细描述了系统中不同角色、用户、服务前端应用(比如API),以及客户端(比如网站或移动App)之间怎么实现相互认证。 
在讨论OAuth2的实现时,会把JSON Web Token作为一种认证机制使用。这也是为什么他们会经常一起出现.
Oauth2和JWT是如何结合的, 待续... ...
3:ssl
SSL (secure Sockets layer Secure socket) is the transport layer to encrypt the data transmitted over the network. The SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication.
The SSL protocol can be divided into two tiers: SSL record Protocol (SSL recorder Protocol): It is based on a reliable transport protocol (such as TCP) to provide high-level protocol data encapsulation, compression, encryption and other basic functions of support.
SSL Handshake Protocol (SSL handshake Protocol): It is based on the SSL logging Protocol, which is used to authenticate, negotiate cryptographic algorithms, exchange encryption keys, etc. before the actual data transfer begins.
   SSL Features:1) Authenticate users and servers to ensure that data is sent to the correct client and server;2) Encrypt data to prevent the data from being stolen in the middle;3) Maintain the integrity of the data to ensure that the data is not changed during transmission。
    Before the implementation of the OAuth2 and JWT, SSL security is required, that is, the data to be transmitted is encrypted and encoded. Securely transmits private information provided by the user,
is necessary in any secure system. Otherwise, anyone can steal information such as user name and password when the user logs in by hacking into private wifi.

JWT (JSON WEB TOKEN)/Oauth2/ssl

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.