Bearer before token in JWT

Question

I have noticed the convention is to send a JWT in the header under the field Authorization. The standard is to send the token as such:

Authorization:Bearer [token]

My question is why do I need to put the Bearer part, why not just:

Authorization:[token]

When I receive the first request I need to parse every request to get rid of the Bearer when I verify my jwt. What is the point of this?

Recommended answer

It was started in the HTTP 1.0 standard, that added the Authorization: Basic.

Then some other popular protocols (/frameworks) popularised other kinds of authentication, like OAuth's Authorization: Bearer.

Practically, the HTTP standard (both "obsolete" and "more modern") declare it as

Authorization = "Authorization" ":" credentials

without any constraints on how the credentials are to be shaped.

So it is up to you on what you put there, as soon as it works for you.
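
The parsing step the question describes, as an added example that is not part of the original question or answer: the header value is split into scheme and credentials, so a server can tell `Basic` from `Bearer` before anything reaches the JWT verifier. The function names and sample values are constructed for illustration; the token syntax checked is the `b64token` rule from RFC 6750.

```python
import re

# Bearer credentials as defined in RFC 6750 section 2.1:
#   "Bearer" 1*SP b64token, with b64token = 1*(ALPHA / DIGIT / "-._~+/") *"="
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class AuthHeaderError(ValueError):
    """Raised when the Authorization header cannot be used as a Bearer token."""


def split_authorization(value):
    """Split a header value into (scheme, credentials); scheme is lower-cased."""
    if value is None:
        raise AuthHeaderError("missing Authorization header")
    scheme, sep, credentials = value.strip().partition(" ")
    if not sep or not credentials.strip():
        raise AuthHeaderError("expected '<scheme> <credentials>'")
    return scheme.lower(), credentials.strip()


def extract_bearer_token(value):
    """Return the token from 'Bearer <token>' or raise AuthHeaderError."""
    scheme, credentials = split_authorization(value)
    if scheme != "bearer":
        # e.g. Basic: never pass these credentials to the JWT verifier.
        raise AuthHeaderError("unsupported scheme: " + scheme)
    if not _B64TOKEN.fullmatch(credentials):
        raise AuthHeaderError("token has characters outside b64token")
    return credentials


# Constructed sample values (not real credentials).
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"
SAMPLES = [
    "Bearer " + SAMPLE_JWT,
    "bearer   " + SAMPLE_JWT,      # scheme names are case-insensitive
    "Basic ZGVtbzpkZW1v",          # a different scheme on the same header
    SAMPLE_JWT,                    # bare token, as the question proposes
    "Bearer a b",                  # whitespace inside the token
]

if __name__ == "__main__":
    for header in SAMPLES:
        try:
            print("ok      ", extract_bearer_token(header)[:16] + "...")
        except AuthHeaderError as exc:
            print("rejected", exc)
```

Only the first two samples yield a token; the `Basic` header, the bare token and the token containing a space are rejected before any signature check runs.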
