Why JWT is a stateless authentication?


Question


I am trying to understand how JWT authentication is stateless. In stateful authentication, there will be a session id. Here there is a JWT token which is signed. So the authentication server issues the JWT token, but can I say the validation of the JWT token in subsequent requests is done by the endpoint server (application server) rather than the authentication server? I believe this is possible as the JWT is signed with an expiry date (and also some other information) and the public certificate of the authentication server is available to all endpoint servers.

So the authentication server will be only responsible for issuing the tokens and not validation. The validation will be done by the endpoint server.

Is my understanding correct? Is this how JWT is made stateless? Otherwise, I don't see how it is different from a stateful authentication as both can be implemented using tokens.

In stateful authentication, the centralized server will be responsible for issuing the tokens as well as validation in each request.

Answer

JSON Web Tokens (JWT) are referred to as stateless because the authorizing server needs to maintain no state; the token itself is all that is needed to verify a token bearer's authorization.

JWTs are signed using a digital signature algorithm (e.g. RSA) which cannot be forged. Because of this, anyone that trusts the signer's certificate can safely trust that the JWT is authentic. There's no need for a server to consult the token-issuing server to confirm its authenticity.

Notice in this diagram that the Resource Server does not need to check back with the Authorization Server:

Source: https://jwt.io/introduction/
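The arrangement the answer describes, with the authorization server signing and every resource server verifying on its own, as an added example in Go. This is not code from the original post or from jwt.io: `NewKeyPair`, `Sign`, `Verify` and `ForgePayload` are names chosen for this illustration, the key pair is generated in-process rather than distributed as a certificate or JWKS document, and the "alice" token and the forged "admin" claims are constructed sample input. The verifier pins the algorithm, checks the RS256 signature with nothing but the public key, and then enforces `exp`; a forged payload under the original signature and an expired token are both rejected without any round trip to the issuer.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are base64url without padding

// Issuer is the authorization server, the only party holding the private key.
type Issuer struct{ key *rsa.PrivateKey }

// Verifier is a resource server: it holds just the public key and never calls
// the authorization server while checking a request.
type Verifier struct{ pub *rsa.PublicKey }

// NewKeyPair stands in for provisioning; in practice the public half arrives as
// a certificate or a JWKS document (assumption for this example).
func NewKeyPair() (*Issuer, *Verifier, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &Issuer{key}, &Verifier{&key.PublicKey}, nil
}

// Sign produces header.payload.signature with RS256 (RSASSA-PKCS1-v1_5 over SHA-256).
func (i *Issuer) Sign(sub string, now time.Time, ttl time.Duration) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, _ := json.Marshal(map[string]any{"sub": sub, "exp": now.Add(ttl).Unix()})
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, i.key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify checks a token entirely locally: pin the algorithm, verify the
// signature with the public key, and only then rely on the claims.
func (v *Verifier) Verify(token string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	headerJSON, e1 := b64.DecodeString(parts[0])
	payloadJSON, e2 := b64.DecodeString(parts[1])
	sig, e3 := b64.DecodeString(parts[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("bad base64url segment")
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(headerJSON, &header) != nil || header.Alg != "RS256" {
		// The token must not choose the algorithm: "none" and HS256 keyed with
		// the public key are the classic downgrades against such verifiers.
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(v.pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("invalid signature")
	}
	var claims map[string]any
	if err := json.Unmarshal(payloadJSON, &claims); err != nil {
		return nil, err
	}
	exp, ok := claims["exp"].(float64) // JSON numbers decode into any as float64
	if !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, errors.New("token expired or missing exp")
	}
	return claims, nil
}

// ForgePayload plays an attacker who rewrites the claims but, lacking the
// private key, can only reuse the original signature.
func ForgePayload(token string, claims map[string]any) string {
	parts := strings.Split(token, ".")
	payload, _ := json.Marshal(claims)
	return parts[0] + "." + b64.EncodeToString(payload) + "." + parts[2]
}

func main() {
	issuer, verifier, _ := NewKeyPair()
	now := time.Now()
	token, _ := issuer.Sign("alice", now, time.Hour) // constructed sample token
	_, genuine := verifier.Verify(token, now)
	_, forged := verifier.Verify(ForgePayload(token, map[string]any{"sub": "admin", "exp": now.Add(time.Hour).Unix()}), now)
	_, expired := verifier.Verify(token, now.Add(2*time.Hour))
	fmt.Println("genuine:", genuine, "| forged:", forged, "| expired:", expired)
}
```

Two points worth keeping in mind when reading this. First, a production verifier also pins `iss` and `aud` (and usually `nbf`), so that a token minted by the right issuer for a different audience cannot be replayed against this service; those checks are still local and keep the design stateless. Second, the flip side of keeping no state is that the issuer cannot "log a user out" before `exp`: revoking a token early means reintroducing state (a denylist or key rotation) or keeping TTLs short and pairing them with a refresh flow.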
