Separating the front and back ends or in order to support multiple web applications, there will be big problems in using the original cookies or sessions
Cookie and session authentication need to be under the same primary domain name Authentication can be performed (currently, the session can be stored in redis for solution).
Solution
##oauth2 and jwt (recommended learning:PHP video tutorial)
jwt: It is a security standard. The basic idea is that the user provides the user name and password to the authentication server, and the server verifies the legitimacy of the information submitted by the user; if the verification is successful, a token (token) will be generated and returned OAuth2: It is a secure authorization framework . It describes in detail how to achieve mutual authentication between different roles, users, service front-end applications (such as API), and clients (such as websites or mobile APPs) in the system. (JWT, this JSON Web Token is used here for authentication)Generation method
Header: Encryption typeDescription: Message Contentkey: a random code used for encryptionUse the above three parts, connect them, and then use hs256 to encrypt and generate tokenDetailed generation method
1). The header usually consists of two parts: the type of token (i.e. JWT) and the encryption algorithm used (such as: SHA256 or RSA){ "alg": "HS256", "typ": "JWT" }
{ "exp": "1525785339", "sub": "1234567890", "name": "John Doe", "admin": true }
(PS: This information, although protected from tampering, can be read by anyone. Do not put important information inside unless it is encrypted )
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), key )
(PHP uses the crypt method for encryption. Note: SHA-256 is used to prevent tampering, and AES-256 is used to encrypt. The two concepts are different)
The above is the detailed content of How to generate php token. For more information, please follow other related articles on the PHP Chinese website!