JWT (JSON WEB TOKEN)/Oauth2/ssl

1:JWT:

A JSON-based open standard (RFC 7519) for passing claims across a network application environment. The token is designed to be compact and secure, especially for single sign-on (SSO) scenarios in distributed sites. JWT declarations are typically used to pass authenticated user identities between identity providers and service providers, to obtain resources from a resource server, or to add additional declarative information that is necessary for other business logic, which can also be used directly for authentication or encryption.

J The wt is made up of three pieces of information, and the three pieces of information text are . linked together to form the JWT string. Just like this:

header. Playload.signature

This is the case at the time of the request:

 headers: { ‘Authorization‘: ‘Bearer ‘ + token // 注意Bearer后面有空格 }

Advantages

• Because of the versatility of JSON, JWT can be used in many languages, such as java,javascript,nodejs,php, for cross-language support.
• Because of the payload section, JWT can store the non-sensitive information necessary for some other business logic on its own.
• Easy to transport, the JWT composition is very simple, the byte occupies very small, so it is very easy to transfer.
• It doesn't need to save session information on the server, so it's easy to apply extensions

 具体的认证实现方式： 待续...

2： JWT VS Oauth:
 WT是一种认证协议 
 OAuth2是一种授权框架,OAuth2不是一个标准协议。它详细描述了系统中不同角色、用户、服务前端应用（比如API），以及客户端（比如网站或移动App）之间怎么实现相互认证。 
 在讨论OAuth2的实现时，会把JSON Web Token作为一种认证机制使用。这也是为什么他们会经常一起出现.
 Oauth2和JWT是如何结合的， 待续... ...

3:ssl
    SSL (secure Sockets layer Secure socket) is the  transport layer to encrypt the data transmitted over the network. The SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication.
    The SSL protocol can be divided into two tiers: SSL record Protocol (SSL recorder Protocol): It is based on a reliable transport protocol (such as TCP) to provide high-level protocol data encapsulation, compression, encryption and other basic functions of support.
    SSL Handshake Protocol (SSL handshake Protocol): It is based on the SSL logging Protocol, which is used to authenticate, negotiate cryptographic algorithms, exchange encryption keys, etc. before the actual data transfer begins.

　　 SSL Features:1) Authenticate users and servers to ensure that data is sent to the correct client and server;2) Encrypt data to prevent the data from being stolen in the middle;3) Maintain the integrity of the data to ensure that the data is not changed during transmission。

    Before the implementation of the OAuth2 and JWT, SSL security is required, that is, the data to be transmitted is encrypted and encoded. Securely transmits private information provided by the user,
    is necessary in any secure system. Otherwise, anyone can steal information such as user name and password when the user logs in by hacking into private wifi.

   

JWT (JSON WEB TOKEN)/Oauth2/ssl