Good day, dear reader. In this article I will discuss one of today's most popular authorization methods in client-server applications: the authorization token. We will look at it through its most popular implementation, JSON Web Token (JWT).
Introduction
- , , , . , , - , , %user_name%, , .
. , HTTP( HTTPS) , HTTP , , , : , , . , - JSON Web Tokens (JWT). ( ), , .
. JSON Web Tokens (JWT) , JWT , .
JSON Web Token (JWT) — (RFC 7519) , JSON.
( ) , , ID, , . , .
, JWT. , , , , . 2 : access token refresh token ( , access token). , , . , API access token. , , ( , , ), , , . JSON Web Tokens.
. , JWT , :
(header)
(payload)
(signature)
. , , , JWT. JSON , Base64-URL :
{"alg":"HS256","typ":"JWT"}
: alg typ. typ , , JWT , , JWT(2.0), JWT. alg . HMAC SHA-256, , , HS256. , . , , JWT, , RS256. - . .
. - JSON , , base64. (payload) :
JSON :
{"user_id":1,"exp":1581357039}
iss - , .
user_id - , .
, exp. , ( , ). , , , . , is_admin is_preferUser, , , . , , , , . JWT.
, , . - (). : , , , , , , , ( alg ), HMAC-SHA256, ( , ) . , base64, . . API , , . , , , , , . , , , %user_name% .
Refresh Token
- , refresh token. , - . , 10-30 . : , , . , : . , , , %user_name%, access token , . . access token refresh token. ( ) . access token refresh token , , - , , - . refresh token , , , , . .
Conclusion
In this article I have tried to describe in detail how client-server applications work with an access token, using JSON Web Token (JWT) as the example. Once again, I would like to note how the token solves the problems of authentication and authorization with comparative ease and, at the same time, good reliability, which is what made it so popular. Thank you for your time.