JWT和Bearer Token有什么区别? [英] What's the difference between JWTs and Bearer Token?
问题描述
我正在学习有关授权的一些知识,例如Basic,Digest,OAuth2.0,JWT和Bearer Token.
I'm learning something about Authorization like Basic, Digest, OAuth2.0, JWTs, and Bearer Token.
现在我有一个问题.
您知道JWT被用作OAuth2.0标准中的Access_Token. JWT出现在RFC 7519上,而Bearer Token出现在RFC 6750上.
You know the JWTs is being used as an Access_Token in the OAuth2.0 standard. JWTs appears at RFC 7519, and Bearer Token is at RFC 6750 .
例如,承载者:
Authorization: Bearer <token>
我以前通过AJAX将令牌发送到服务器,或者将令牌添加到url的查询字符串中.我知道令牌也可以通过将其添加到请求标头中来发送.这是否意味着应该将令牌添加到Authorization Bearer标头中?
I used to send token to server by AJAX or add token to the query string of the url. I know that a token can also be sent by adding it to a request header. Does that mean that token should be added to Authorization Bearer header?
能否请您告诉我JWT和Bearer Token之间的关系?非常感谢.
Could you please tell me the relationship between JWTs and Bearer Token? Thanks a lot.
推荐答案
JWT是令牌的编码标准,其中包含可以签名和加密的JSON数据有效载荷.
JWT is an encoding standard for tokens that contains a JSON data payload that can be signed and encrypted.
JWT可以用于很多事情,其中包括不记名令牌,即可以提供给某项服务的一条信息,由于拥有它(您是承载者"),您才可以访问某些东西.
JWT can be used for many things, among those are bearer tokens, i.e. a piece of information that you can present to some service that by virtue of you having it (you being the "bearer") grants you access to something.
承载令牌可以以不同的方式包含在HTTP请求中,其中之一(可能是首选)是Authorization标头.但是您也可以将其放入请求参数,cookie或请求正文中.这主要是在您和您要访问的服务器之间.
Bearer tokens can be included in an HTTP request in different ways, one of them (probably the preferred one) being the Authorization header. But you could also put it into a request parameter, a cookie or the request body. That is mostly between you and the server you are trying to access.
这篇关于JWT和Bearer Token有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
