OAuth还是JWT?使用哪一个,为什么? [英] OAuth or JWT? Which one to use and why?
问题描述
我开始学习基于令牌的身份验证,并试图学习如何在Laravel 5中实现它.我遇到了两种非常流行的技术来做到这一点,但是由于我对这两种技术都不熟悉,所以我感到困惑.
这篇在Medium的文章说,我应该同意 lucadegasperi/oauth2-server-laravel 我确信它是社区中非常流行的软件包从Github上的星星数量以及导致我这么做的参考文献数量来看.这个应该可以帮助我实现OAuth.
Scotch.io上的另一篇文章鼓励我使用 tymondesigns/jwt-auth ,从数量上看,它也很受欢迎在Github上亮起星星.
在这一点上,我不确定使用哪一个,主要是因为我是新手开发人员,并且没有与他们中的任何一个一起工作.
任何人都可以向我指出其中每一个的优缺点,我应该实现哪一个?我的项目类型还会规定我应该使用哪种类型吗?以及如何?
此外,如果您提出的一个论点是我应该选择一个,那么您是否还可以指出一些有用的资源来帮助我从它们入手.除了两个链接,我当然提供了自己.
JWT是简单的身份验证协议,Oauth是身份验证框架.
经验丰富的开发人员大约需要一个月的时间才能完全了解和实施Oauth.经验丰富的开发人员可以在阅读规范后的大约一天时间内选择JWT协议.因此,基本上,它可以归结为您的特定用例.
如果您想要对api进行简单的无状态http身份验证,那么JWT很好,而且实现起来相对较快,即使对于初学者来说也是如此.
一些JWT资源供您使用:
I am starting to learn about token based authentication and I am trying to learn how to implement it in Laravel 5. I have come across two very popular technologies for doing this but I am confused since I am new to both these technologies.
This article at Medium says I should go with lucadegasperi/oauth2-server-laravel which I am sure is a very popular package in the community judging by the number of stars on Github and the number of references that have led me to it. This one is supposed to help me with OAuth implementation.
This other article at Scotch.io encourages me to use tymondesigns/jwt-auth which is also very popular again judging by the number of stars on Github.
At this point I am indecisive of which one to use mostly because I am a novice developer and I haven't worked with either of them.
Could anyone point out to me what are the pros and cons to each one of them and which one I should implement? Will my project type also dictate what kind I should use? And how?
Moreover if you are making an argument that I should choose one over the other, could you also point out good resources that would help me start with them. Other than the two links I provided myself of course.
JWT is a simple authentication protocol, Oauth is an authentication framework.
An experienced developer will take about a month to fully understand and implement Oauth. An experienced developer can pick up the JWT protocol in about a day of reading the specifications. So basically, it boils down to your specific use-case.
If you want simple stateless http authentication to an api, then JWT is just fine and relatively quick to implement, even for a novice developer.
A few JWT resources for you:
- http://jwt.io/
- https://auth0.com/docs
- http://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs
And an Oauth resource:
这篇关于OAuth还是JWT?使用哪一个,为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
