How does the resource server in an OAuth authentication system verify the token?
Problem description
I am aware of
http://stackoverflow.com/questions/12296017/how-to-validate-an-oauth-2-0-access-token-for-a-resource-server
But it didn't answer my question. What I want to ask is: after an authentication server grants the access token, how is it validated by the resource server? By validation I mean which parameters of the token help the resource server to validate the origin and authenticity of the token. As far as I can imagine, any hacker can generate a pseudo token by analyzing a past token.
Recommended answer
The secret key that is generated, which is used to validate it, matches the signature. You can use
to check the signature of the JWT token by providing the secret key; it will verify it, and the secret key is generated in OAuth when the GUID (Client Id) is generated.