First, login verification process

When a login request arrives and the credentials check out, the server creates a record that identifies the logged-in user (a session) and sends the ID of that record back to the client. The client stores the ID in a Cookie and sends that Cookie along with every later request. The server then validates the Cookie by looking up the corresponding record on its side; if the record is found, the user is considered authenticated and the server returns the requested data to the client.

Token-based authentication

  1. The user sends the user name and password to the server.
  2. The server receives the request and verifies the user name and password.
  3. After the authentication succeeds, the server issues a Token and sends it to the client.
  4. After receiving the Token, the client stores it, for example in a Cookie or in Local Storage.
  5. With each subsequent request, the Token is sent back to the server (here, through a Cookie).
  6. The server receives the request and verifies the Token it carries. If the verification succeeds, it returns the requested data to the client.

Third, jsonwebtoken

1. Principle of JWT
  • After the server has authenticated the user, it generates a JSON object and sends it to the user, for example:
{
  "Name": "alley",
  "Role": "Administrator",
  "Due Time": "00:00 on March 9, 2019"
}

2. Components of JWT

A JWT has three parts:
  • Header
  • Payload
  • Signature (computed with a secret)

Header: the header is a JSON object consisting of the token type and the signing algorithm used. The standard field names are typ and alg:

{
    "typ": "JWT",
    "alg": "HS256"
}

Payload: the payload is also a JSON object; it stores the data that needs to be transmitted. Seven registered fields are defined:

  • iss (Issuer)
  • exp (Expiration Time)
  • sub (Subject)
  • aud (Audience)
  • nbf (Not Before)
  • iat (Issued At)
  • jti (JWT ID)

In addition to the seven officially defined fields, you can also define other private fields:

{
    "iss": "admin",
    "user": "alley"
}

Note: a JWT is not encrypted by default, only signed, so anyone who obtains the token can read its payload. Do not put private information in this section.

4. Basic Use of JWT (Express based)

const jwt = require("jsonwebtoken");
const secret = "secret"; // signing secret (a placeholder; load a strong value from configuration in practice)

// read one cookie value from the request's Cookie header
const getCookie = (req, key) => {
    const cookies = req.headers.cookie;
    if (!cookies) return undefined; // no Cookie header at all
    const arr = cookies.split("; ");
    for (let i = 0; i < arr.length; i++) {
        let newArr = arr[i].split("=");
        if (newArr[0] == key) {
            return newArr[1];
        }
    }
    return undefined;
};

// middleware: verify the token carried in the "token" cookie
const verifyTokenMiddle = (req, res, next) => {
    let token = getCookie(req, "token");

    jwt.verify(token, secret, function (err, decoded) {
        if (err) {
            return res.json({
                state: false,
                info: "Token verification failed"
            });
        }
        next();
    });
};

// create a token for a user name, valid for one hour
const createToken = (username) => {
    const payload = {
        user: username
    };

    return jwt.sign(payload, secret, { expiresIn: "1h" });
};

module.exports = {
    createToken,
    verifyTokenMiddle
};