2025-04-14 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/02
This article explains "what is jwt in nodejs". The content is simple and clear, and easy to learn and understand.
In nodejs, jwt, whose full name is JSON Web Token, is an open standard based on JSON for transmitting claims between network application environments. JWT claims are generally used to pass authenticated user identity information between identity providers and service providers in order to obtain resources from the resource server.
This tutorial operating environment: windows7 system, nodejs version 12.19.0, DELL G3 computer.
What is JWT in nodejs
JSON Web Token (JWT) is an open standard based on JSON (RFC 7519) for passing claims between network application environments. The token is designed to be compact and secure and is particularly suitable for single sign-on (SSO) scenarios at distributed sites.
JWT claims are generally used to transfer authenticated user identity information between the identity provider and the service provider in order to obtain resources from the resource server, and can also carry additional claims needed by other business logic. The token can also be directly used for authentication or can be encrypted.
JWT is used for identity authentication during HTTP communication.
HTTP communication is stateless, so on its own the server cannot tell which client a request came from once an earlier request has been processed. The visiting client therefore has to be identified, and the common practice is the session mechanism: after the client has successfully logged in, the server generates a sessionID and returns it to the client. The client saves the sessionID in a cookie and sends it along with each later request, while the server caches the session. When a request arrives, the server looks up the session to know which user it belongs to, and returns the result of the processing to the client to complete the communication.
From the above analysis, we can see that sessions have the following problems:
1. The session is stored on the server. As the number of visitors grows, the server has to store a large number of sessions, which puts a heavy load on it.
2. When the server is a cluster, the user logs in to one of the servers and the session is saved in that server's memory, so it is not available when the user reaches another server. Sharing sessions then usually requires cache consistency technology, or a third-party cache to hold the sessions, which is inconvenient.
How does JSON Web Token do it?
1. The client logs in to the server with a user name and password.
2. The server verifies the identity of the client.
3. The server generates a Token for the user and returns it to the client.
4. The client saves the Token locally in the browser, usually in a cookie.
5. The client carries the Token whenever it initiates a request.
6. After receiving the request, the server first verifies the Token, and then returns the data.
The server does not need to save the Token; it only needs to verify the information carried in the Token.
It does not matter which backend server the client reaches, as long as the user information passes verification.
What does JSON Web Token look like?
You can tell by the name that it is JSON.
It consists of three parts:
Header (header), which rarely changes and can be used with the defaults directly:
{"typ": "JWT", "alg": "HS256"}
Payload (payload), where everything is carried; the default contents are:
{"iss": "issuer", "sub": "targeted user", "aud": "recipient", "exp": expiration time, "iat": creation time, "nbf": time before which the Token is not available, "jti": "Token unique ID"}
Users can define the content transmitted in the Token according to their own needs. Generally, the user name, role and similar information are put into the Token.
Signature (signature): the first two parts are each converted to a string and base64-encoded, and the result is then signed with the key to produce a string.
Token = header (base64) + payload (base64) + signature
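The three-part layout above, as an added example that is not code from the original article: it builds an HS256 token with Node's built-in crypto module instead of the jsonwebtoken package, shows that the payload can be read without the key, and shows that a token whose payload was swapped fails verification. The function names, the secret and the claims are constructed for illustration.

```javascript
// Added example (Node 16+ for 'base64url'); all names and values are constructed.
const nodeCrypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url').toString('utf8');
const hmac = (data, secret) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Token = base64url(header) . base64url(payload) . base64url(HMAC of the first two)
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Returns the payload or throws; nowSec is a parameter so expiry is testable.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm: the token's own header must not choose it (e.g. "none").
  if (JSON.parse(fromB64url(head)).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual needs equal lengths and compares in constant time.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const payload = JSON.parse(fromB64url(body));
  if (typeof payload.exp === 'number' && nowSec >= payload.exp) throw new Error('token expired');
  return payload;
}

// The payload is only encoded: it can be read without the secret.
const readPayloadWithoutKey = (token) => JSON.parse(fromB64url(token.split('.')[1]));

// Replace the payload but keep the old signature (what verification must catch).
function swapPayload(token, newPayload) {
  const [head, , sig] = token.split('.');
  return `${head}.${b64url(JSON.stringify(newPayload))}.${sig}`;
}

const SECRET = 'constructed-demo-secret';
const claims = { user: '123', role: 'user', exp: 2000000000 };
const token = signToken(claims, SECRET);
const tampered = swapPayload(token, { ...claims, role: 'admin' });
console.log('readable without key:', readPayloadWithoutKey(token));
for (const t of [token, tampered]) {
  try { console.log('accepted:', verifyToken(t, SECRET)); }
  catch (e) { console.log('rejected:', e.message); }
}
```

Because the payload is readable by anyone who holds the token, it should carry identifiers and roles, never passwords or other secrets.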
Realization process
-> the user logs in, and the server generates a token (a signed string) and sends it to the front end
-> the front end saves the token (save it wherever you want)
-> the front end carries the token when it initiates a data request
-> the server verifies whether the token is valid; if it is valid the operation continues, and if it is not the operation is terminated.
Token usage scenarios: stateless request, keeping the user's login status, third-party login (token+auth3.0)
Supported algorithms
alg parameter value    Digital signature or MAC algorithm
HS256                  HMAC using SHA-256 hash algorithm
HS384                  HMAC using SHA-384 hash algorithm
HS512                  HMAC using SHA-512 hash algorithm
RS256                  RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm
RS384                  RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm
RS512                  RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm
PS256                  RSASSA-PSS using SHA-256 hash algorithm (only node ^6.12.0 OR >=8.0.0)
PS384                  RSASSA-PSS using SHA-384 hash algorithm (only node ^6.12.0 OR >=8.0.0)
PS512                  RSASSA-PSS using SHA-512 hash algorithm (only node ^6.12.0 OR >=8.0.0)
ES256                  ECDSA using P-256 curve and SHA-256 hash algorithm
ES384                  ECDSA using P-384 curve and SHA-384 hash algorithm
ES512                  ECDSA using P-521 curve and SHA-512 hash algorithm
none                   Does not contain a digital signature or MAC value
Use when developing
Installation
npm install jsonwebtoken --save
Use
const jwt = require('jsonwebtoken'); // load package

// generate token; the default algorithm is HS256
// sign takes two parameters: the first is the data to be signed (an object;
// do not put secret data such as passwords in it), the second is the secret
// key used for signing (a string; the stronger the better)
let token = jwt.sign({user: '123'}, '123114655sad46aa');
console.log(token); // returns a signed string, the token:
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiMTIzIiwiaWF0IjoxNTcwMDc2NjU5fQ.3FT6v8zVptdWGBILD1m1CRY6sCP1I3E947krUh_E3

// when the client requests data, the server verifies the token passed by the client
let tokens = token;
// verify receives three parameters: the first is the token passed by the client,
// the second is the secret key that was used when signing, the third is the callback
jwt.verify(tokens, '123114655sad46aa', function (err, data) {
  console.log(err); // null on success; if the signature does not match, an err (JsonWebTokenError: invalid signature)
  console.log(data); // the decoded payload on success, undefined on failure
});

Thank you for reading. The above is the content of "what is jwt in nodejs". After studying this article, you should have a deeper understanding of what jwt in nodejs is; the specific usage still needs to be verified in practice.