OAuth 还是 JWT?使用哪一个，为什么? [英] OAuth or JWT? Which one to use and why?

问题描述

我开始学习基于令牌的身份验证，我正在尝试学习如何在 Laravel 5 中实现它.我遇到了两种非常流行的技术，但我很困惑，因为我对这两种技术都不熟悉.

I am starting to learn about token based authentication and I am trying to learn how to implement it in Laravel 5. I have come across two very popular technologies for doing this but I am confused since I am new to both these technologies.

Medium 上的这篇文章说我应该去lucadegasperi/oauth2-server-laravel 我敢肯定这是社区中非常受欢迎的软件包从 Github 上的星星数量和引我上它的参考文献的数量来看.这个应该可以帮助我实现 OAuth.

This article at Medium says I should go with lucadegasperi/oauth2-server-laravel which I am sure is a very popular package in the community judging by the number of stars on Github and the number of references that have led me to it. This one is supposed to help me with OAuth implementation.

Scotch.io 的另一篇文章 鼓励我使用 tymondesigns/jwt-auth 从数量上来看它也很受欢迎Github 上的星星.

This other article at Scotch.io encourages me to use tymondesigns/jwt-auth which is also very popular again judging by the number of stars on Github.

此时我犹豫不决，主要是因为我是一名新手开发人员，而且我还没有与他们中的任何一个合作过.

At this point I am indecisive of which one to use mostly because I am a novice developer and I haven't worked with either of them.

谁能向我指出它们各自的优缺点以及我应该实施哪一个?我的项目类型是否也会决定我应该使用哪种类型?怎么做?

Could anyone point out to me what are the pros and cons to each one of them and which one I should implement? Will my project type also dictate what kind I should use? And how?

此外，如果您提出我应该选择其中一个的论点，您能否指出可以帮助我从它们开始的好的资源.当然，除了我自己提供的两个链接.

Moreover if you are making an argument that I should choose one over the other, could you also point out good resources that would help me start with them. Other than the two links I provided myself of course.

推荐答案

JWT 是一个简单的认证协议，Oauth 是一个认证框架.

JWT is a simple authentication protocol, Oauth is an authentication framework.

经验丰富的开发人员大约需要一个月的时间才能完全理解和实施 Oauth.一个有经验的开发人员可以在阅读规范大约一天的时间内掌握 JWT 协议.所以基本上，它归结为您的特定用例.

An experienced developer will take about a month to fully understand and implement Oauth. An experienced developer can pick up the JWT protocol in about a day of reading the specifications. So basically, it boils down to your specific use-case.

如果您想要对 api 进行简单的无状态 http 身份验证，那么 JWT 就很好，而且实施起来相对较快，即使对于新手开发人员也是如此.

If you want simple stateless http authentication to an api, then JWT is just fine and relatively quick to implement, even for a novice developer.

为您提供一些 JWT 资源:

A few JWT resources for you:

• http://jwt.io/
• https://auth0.com/docs
• http://www.toptal.com/web/cookie-free-authentication-with-json-web-tokens-an-example-in-laravel-and-angularjs

还有一个 Oauth 资源:

And an Oauth resource:

• http://tutorials.jenkov.com/oauth2/overview.html

这篇关于OAuth 还是 JWT?使用哪一个，为什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！