What does JWT do?
JWT is a popular cross-domain authentication solution. Its principle is to encrypt user information to generate a Token. Each time the server requests a request, it only needs to use the saved key to verify the correctness of the Token, and there is no need to save it again. Any Session data makes the server stateless.
jwt verification method is to encrypt user information to generate a token. Each time a request is made to the server, it only needs to use the saved key to verify the correctness of the token. There is no need to Any session data is saved, and the server becomes stateless, making it easy to expand.
User information before encryption, such as:
{
"username": "vist",
"role": "admin",
"expire": "2018-12-08 20:20:20"
}Token received by the client:
7cd357af816b907f2cc9acbe9c3b4625
JWT structure
A The token is divided into 3 parts:
header
payload
Signature(signature)
The three parts are separated by ".", such as:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header
JWT The header part is a JSON object describing metadata, usually:
{
"typ": "JWT",
"alg": "HS256"
}typ is the declaration type, specify "JWT"
alg is the encryption algorithm, the default is "HS256"
Load
The payload is the carrier of data, used to store the actual data information that needs to be transmitted, and is also a JSON object.
JWT official recommended fields:
iss: jwt issuer
sub: jwt for users
aud: The party receiving jwt
exp: The expiration time of jwt, this expiration time must be greater than the issuance time
nbf: Define the time before which the jwt is unavailable.
iat: The issuance time of the jwt
jti: The unique identity of jwt, mainly used as a one-time token to avoid replay attacks.
You can also use custom fields, such as:
{
"username": "vist",
"role": "admin"
}Signature
The signature part is a comparison of the first two parts (header part, payload) to prevent data tampering.
Follow the following steps to generate:
1. Specify the secret first
2. Convert the header and payload information to base64 respectively
3. Use the algorithm specified in the header to encrypt
Finally, signature = HMACSHA256(base64UrlEncode(header) "." base64UrlEncode(payload),secret)
The signature obtained by the client:
header.payload.signature
The JWT can also be re-encrypted.
Recommended tutorial: "PHP"
The above is the detailed content of What does JWT do?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1380
52
How to use JWT and JWE for API authentication and encryption in PHP
Jun 17, 2023 pm 02:42 PM
With the development of the Internet, more and more websites and applications need to provide API interfaces for data interaction. In this case, API authentication and encryption become very important issues. As a popular authentication and encryption mechanism, JWT and JWE are increasingly used in PHP. Well, this article will explain how to use JWT and JWE for API authentication and encryption in PHP. Basic concepts of JWT JWT stands for JSONWe
How to use ThinkPHP6 for JWT authentication?
Jun 12, 2023 pm 12:18 PM
JWT (JSONWebToken) is a lightweight authentication and authorization mechanism that uses JSON objects as security tokens to securely transmit user identity information between multiple systems. ThinkPHP6 is an efficient and flexible MVC framework based on PHP language. It provides many useful tools and functions, including JWT authentication mechanism. In this article, we will introduce how to use ThinkPHP6 for JWT authentication to ensure the security and reliability of web applications
Analysis of secure JWT token generation and verification technology in PHP
Jul 01, 2023 pm 06:06 PM
Analysis of Secure JWT Token Generation and Verification Technology in PHP With the development of network applications, user authentication and authorization are becoming more and more important. JsonWebToken (JWT) is an open standard (RFC7519) for securely transmitting information in web applications. In PHP development, it has become a common practice to use JWT tokens for user authentication and authorization. This article will introduce secure JWT token generation and verification technology in PHP. 1. Basic knowledge of JWT in understanding how to generate and
OAuth in PHP: Create a JWT authorization server
Jul 28, 2023 pm 05:27 PM
OAuth in PHP: Creating a JWT authorization server With the rise of mobile applications and the trend of separation of front-end and back-end, OAuth has become an indispensable part of modern web applications. OAuth is an authorization protocol that protects users' resources from unauthorized access by providing standardized processes and mechanisms. In this article, we will learn how to create a JWT (JSONWebTokens) based OAuth authorization server using PHP. JWT is a type of
A complete guide to implementing login authentication in Vue.js (API, JWT, axios)
Jun 09, 2023 pm 04:04 PM
Vue.js is a popular JavaScript framework for building dynamic web applications. Implementing user login authentication is one of the necessary parts of developing web applications. This article will introduce a complete guide to implementing login verification using Vue.js, API, JWT and axios. Creating a Vue.js Application First, we need to create a new Vue.js application. We can create a Vue.js application using VueCLI or manually. Install axiosax
In-depth analysis of the principles and usage of JWT (JSON Web Token)
Jan 10, 2023 am 10:55 AM
This article brings you relevant knowledge about JWT. It mainly introduces what is JWT? What is the principle and usage of JWT? For those who are interested, let’s take a look below. I hope it will be helpful to everyone.
How SpringBoot combines JWT to implement login permission control
May 20, 2023 am 11:01 AM
First we need to import the jwt package used: io.jsonwebtokenjjwt0.8.0com.auth0java-jwt3.2.0 1. Prepare LoginUser (store login user information) and JwtUserLoginUser.javapublicclassLoginUser{privateIntegeruserId;privateStringusername;privateStringpassword;privateStringrole;generate getters and setters ...}JwtUser.javaimp
Golang development: Implementing JWT-based user authentication
Sep 20, 2023 am 08:31 AM
Golang development: Implementing JWT-based user authentication With the rapid development of the Internet, user authentication has become a crucial part of web applications. The traditional cookie-based authentication method has gradually been replaced by the JWT (JSONWebToken)-based authentication method. JWT is a lightweight authentication standard that allows the server to generate an encrypted token and send the token to the client. The client puts the token into Authori when sending a request.
