Why is JWT stateless authentication?


Question


I am trying to understand how JWT authentication is stateless. In stateful authentication, there will be a session id. Here there is a JWT token which is signed. So the authentication server issues the JWT token, but can I say the validation of the JWT token in subsequent requests is done by the endpoint server (application server) rather than the authentication server? I believe this is possible as the JWT is signed with an expiry date (and also some other information) and the public certificate of the authentication server is available to all endpoint servers.

So the authentication server will be only responsible for issuing the tokens and not validation. The validation will be done by the endpoint server.

Is my understanding correct? Is this how JWT is made stateless? Otherwise, I don't see how it is different from a stateful authentication as both can be implemented using tokens.

In stateful authentication, the centralized server will be responsible for issuing the tokens as well as validating each request.

Solution

JSON Web Tokens (JWT) are referred to as stateless because the authorizing server needs to maintain no state; the token itself is all that is needed to verify a token bearer's authorization.

JWTs are signed using a digital signature algorithm (e.g. RSA) which cannot be forged. Because of this, anyone that trusts the signer's certificate can safely trust that the JWT is authentic. There's no need for a server to consult the token-issuing server to confirm its authenticity.

Notice in this diagram that the Resource Server does not need to check back with the Authorization Server:

Source: https://jwt.io/introduction/
