
What is the structure of JSON Web Token?

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article explains the structure of a JSON Web Token (JWT), taking each of its parts in turn.

A JSON Web Token consists of three parts separated by periods (.), which are:

Header

Payload

Signature

Because of this organization, a JWT usually looks like the following.

xxxxx.yyyyy.zzzzz

Let's make a specific analysis of the above form.

Header

The header usually contains two parts: the type of the token, which is JWT, and the signing algorithm used, such as HMAC SHA256 or RSA.

For example, the following format:

{"alg": "HS256", "typ": "JWT"}

Then this JSON is Base64Url-encoded (an encoding, not a hash) to form the first part of the JWT.

Payload

The second part of the JWT is the payload, which is made up of claims. Claims are statements about an entity (usually the user) and other pieces of information.

There are three types of claims: registered, public and private.

Registered claims: these are predefined claims that are not required but recommended, and they provide a set of conventions. Examples include iss (issuer), exp (expiration time), sub (subject), aud (audience) and others.

Note that these conventional claim names are only 3 characters long to keep the token compact.

Public claims: these can be defined freely by those using JWT, but to avoid collisions they should be registered in the IANA JSON Web Token Registry or be defined as a URI.

Private claims: these are custom claims used to exchange data between the parties to a transfer. They are neither registered nor public claims.

An example payload:

{"sub": "1234567890", "name": "John Doe", "admin": true}

The payload is also Base64Url-encoded, and the encoded content forms the second part of the JWT.

Please note that the signature protects this part of the token against tampering, but anyone can still decode it. Do not put any secret key into this part of the data unless your secret key is already encrypted.

Signature

To create the signature part, you need the encoded header, the encoded payload, a secret key (secret), and the algorithm specified in the header, and then you sign.

For example, if you want to use the HMAC SHA256 algorithm for signature, the data used in this algorithm is:

HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

The signature is used to verify that the transmitted token data has not been tampered with along the way.

If your token is signed with a private key, verifying the JWT also confirms that the sender of the JWT is using a legitimate signature.

Put all the content together

The output is three Base64Url-encoded strings separated by periods (.), so that the token can be passed easily in HTTP and HTML environments.

JWT is more compact than XML-based token standards such as SAML.

The following is an example of a JWT that has the header and payload encoded and is then signed:

If you want to experiment with JWT or inspect an existing token, you can use the debugger at https://jwt.io/#debugger-io to decode, verify and generate JWTs.
