什么是不透明令牌? [英] What is an opaque token?

问题描述

它们采用专有格式"是什么意思?我正在阅读有关JWT刷新令牌的信息，它们是不透明的令牌，但我不理解该术语.

And what does it mean that they are in a "proprietary format"? I am reading about JWT refresh tokens and they are opaque tokens, but I don't understand the term.

推荐答案

JWT 的内容可读，例如您在 RFC 7519 中.

A JWT has readable content, as you can see for example on https://jwt.io/. Everyone can decode the token and read the information in it. The format is documented in RFC 7519.

另一方面， 不透明令牌 的格式不适合您阅读.只有发行者知道格式.

An opaque token on the other hand has a format that is not intended to be read by you. Only the issuer knows the format.

该词的含义已经给出了提示:

The meaning of the word already gives a hint:

不透明 /ə(ʊ)ˈpeɪk/ 形容词

opaque /ə(ʊ)ˈpeɪk/ adjective

无法被看到；不透明的.

not able to be seen through; not transparent.

这是来自 https://auth0.com/docs/tokens 的报价:

不透明令牌:专有格式的令牌，通常包含服务器永久性存储中信息的某些标识符.要验证不透明令牌，令牌的接收者需要调用发出令牌的服务器.

Opaque tokens: Tokens in a proprietary format that typically contain some identifier to information in a server’s persistent storage. To validate an opaque token, the recipient of the token needs to call the server that issued the token.

根据上面的定义，不透明的JWT刷新令牌"是一个矛盾.实际上，这里的意思是，在某些JWT框架中，仅身份验证令牌是JWT，但是作为刷新令牌，它们使用不透明令牌.

A "opaque JWT refresh token" is a contradiction as per definition above. What actually is meant here is, that in some JWT frameworks only the authentication token is a JWT, but as refresh token they use opaque tokens.

这篇关于什么是不透明令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！