通过HTTPS通信是否需要JWT? [英] Is JWT necessary over HTTPS communication?

问题描述

我正在开发MEAN堆栈应用程序，目前正在建立一个帐户系统.我看过一些有关身份验证的教程，它们都使用 JWT . 我还看到JWT是一种通过HTTP之类的非安全连接来保护通信传输的好方法.

I'm developping a MEAN stack application, and I'm currently setting up an account system. I've seen several tutorials about Authentication, all using JWT. I've also seen that JWT are a great way to secure communication transport over non-secured connection like HTTP.

我已经设置了HTTPS以从Angular 4前端与NodeJS + Express后端进行通信，因此，我想知道是否有必要使用JWT来保护我的通信吗?

I've set up HTTPS to communicate from my Angular 4 front-end to my NodeJS + Express back-end, and thus, wondering if JWT are necessary to secure my communications?

推荐答案

如今，开发人员更喜欢基于令牌的身份验证，而不是会话.与会话相比，基于令牌的身份验证具有很多优势. 我们使用JWT(即JSON Web令牌)在用户身份验证后生成令牌，每次您的前端应用程序进行API调用时，您的系统应检查该请求是否具有有效令牌(如果存在)并且有效，然后考虑作为有效用户.

Nowadays developers prefer Token Based Authentication instead of Session. Token Based Authentication have lots of advantages over Session. We use JWT i.e. JSON Web Token to generate a token after user authentication, every time your front-end app makes an API call so your system should check whether the request has the valid token or not if it is there and it valid then it considered as the valid user.

简而言之，我们使用JWT来验证API调用，这与HTTP或HTTPS无关

In short, we use JWT to validate our API calls it is nothing to do with HTTP or HTTPS

这篇关于通过HTTPS通信是否需要JWT?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！