How to add JWT to authorization header?

Question

As described on the following slide, it is necessary that the client send the JWT back to the server by an Authorization header at the next request.

But how can I define the authorisation header and add the JWT to the server?

My current state is:

  1. User sends username and password to the server by a POST.
  2. The server creates the JWT.
  3. The server sends the signed JWT back to the client and saves it in a cookie.

Now my questions:

In case of login:

As I understand it, now it's necessary to send the JWT back to the server. The server verifies the token and sends it back to finish the login process.

How can I add the JWT to the authentication header?

In case of running a process and receiving data from a calculation:

Do I understand right that the client has to send the JWT from the login to the server and a second JWT with the data? Or can I send the data by POST?

Recommended answer

So, you are pretty much correct with JWT. All you need to do when sending data from client to server (after JWT creation) is to add it to the request header. Many folks will try to keep along the same path as OAuth and add a Bearer token, similar to the node snippet below:

var rp = require('request-promise');

// Send the JWT in the Authorization header using the Bearer scheme
var options = {
  method: 'GET',
  uri: 'https://www.example.com/api/sample',
  headers: {
    Authorization: 'Bearer <insert_your_JWT_here>'
  }
};

rp(options).then(function (res) {
  // handle the response here
});

Granted, I know you mentioned PHP, but the workflows are the same, it's just the syntax is different.

Now, to verify that this token is present, the server would need to verify() that the token is valid with the secret that was defined. In every request made by the client, for an authorized endpoint, you would need to send this token every time.
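
The server-side check described in the answer, as an added example that is not part of the original answer: it parses the `Authorization: Bearer ...` header value, pins the algorithm, compares the HMAC in constant time and rejects expired tokens. It assumes HS256 tokens; `signJwt`, `verifyAuthHeader`, the secret and the claims are hypothetical names and constructed sample values.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, msg) => crypto.createHmac('sha256', secret).update(msg).digest();

// What the server does at login: issue a signed HS256 token.
function signJwt(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return head + '.' + body + '.' + b64url(hmac(secret, head + '.' + body));
}

// What the server does on every protected request.
// Returns the verified payload, or null if any check fails.
function verifyAuthHeader(headerValue, secret, nowSec) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/i.exec(headerValue || '');
  if (!m) return null; // header missing, wrong scheme, or not three parts
  const [, head, body, sig] = m;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (e) {
    return null;
  }
  // Pin the algorithm; never let the token choose it (e.g. "none").
  if (!header || header.alg !== 'HS256' || !payload) return null;
  const expected = hmac(secret, head + '.' + body);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids a throw on mismatch.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // Require an expiry claim and enforce it.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) return null;
  return payload;
}

// Constructed sample values for a stand-alone run.
const SECRET = 'demo-secret-constructed';
const token = signJwt({ sub: 'alice', exp: 2000 }, SECRET);
console.log(verifyAuthHeader('Bearer ' + token, SECRET, 1000)); // payload
console.log(verifyAuthHeader('Bearer ' + token, SECRET, 3000)); // null (expired)
```

In production code a maintained JWT library should do this work; the sketch only shows which checks sit behind a call such as verify().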
