How to use token PHP
How to use tokens in PHP: 1. The client user enters the user name and password to log in and request the token; 2. Use the JWT specification to generate the token; 3. Verify the timeliness of the token; 4. , The client uses the token to request data.
The operating environment of this article: Windows 7 system, PHP version 7.1, Dell G3 computer.
How to use token PHP?
Generation and use of php token
1. Why use token for login
Separation of front and back ends or to support multiple web application, then there will be big problems in using the original cookies or sessions.
Cookie and session authentication need to be under the same primary domain name for authentication (currently, the session can be stored in redis to solve the problem).
2. Solution
oauth2 and jwt
jwt: is a security standard. The basic idea is that the user provides the user name and password to the authentication server, and the server verifies the legitimacy of the information submitted by the user; if the verification is successful, a token (token) will be generated and returned
OAuth2: It is a secure authorization framework. It describes in detail how to achieve mutual authentication between different roles, users, service front-end applications (such as API), and clients (such as websites or mobile APPs) in the system.
(JWT, this JSON Web Token is used for authentication here)
3. Generation method
Header: Encryption type
Description: Message content
key: a random code used to encrypt
Use the above three parts to connect. up, and then use hs256 to encrypt to generate token
4. Detailed generation method
1). The header usually consists of two parts: the type of token (i.e. JWT) and the encryption algorithm used (such as: SHA256 or RSA)
{ "alg": "HS256", "typ": "JWT" }
Then, this json is Base64Url encoded and becomes the first part
2). Payload is a statement. The declaration is about the entity.
{ "exp": "1525785339", "sub": "1234567890", "name": "John Doe", "admin": true }
The payload is then Base64Url encoded and becomes the second part
(PS: This information, although protected from tampering, can be read by anyone. Do not send important information unless it is encrypted Put it inside)
3). Use an encryption key
4). To sign, you need to use the first encoded part, the second encoded part, and then a key key. Use the encryption algorithm in the first part to sign
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), key )
This signature is used to verify whether the message has been tampered with.
(PHP uses the crypt method for encryption. Note: SHA-256 is used to prevent tampering, and AES-256 is used to encrypt. The two concepts are different)
5. Token storage location
Usually you should use the Bearer mode to add JWT (Authorization: Bearer) in the Authorization field in the request header (of course you can also place it anywhere, such as passing it as a parameter after the URL, as long as the client can recognize it, but Since JWT is a standard, we'd better follow the standard)
Recommended study: "PHP Video Tutorial"
6. How to use
- The client user enters the username and password to log in and requests the token
- After the server receives the request, it uses the JWT specification to generate the token and returns it to the client
- Client After receiving the token, decrypt it, verify the timeliness of the token (the expiration time of the token), and save it
- The client uses the token to request data
- After the server receives the token and decrypts it, it verifies the user's identity , verify the timeliness, and then verify the user
7. Disadvantages
1. 无法作废已颁布的令牌(对token刷新使用期限) 2. 不易应对过期数据(支持 token 失效)
So if you use a token, then if the token is captured, then it can be forged. Impersonate. So if security is relatively high, it is recommended to use oauth2
The above is the detailed content of How to use token PHP. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics



PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
