Where should I store jwt token for authentication on server side


Question

In my nodejs app, I am using jwt tokens for authentication. Now after the token gets created, it is going to be verified. For that, it should be stored somewhere for verification purpose. So, my question is, should I store it in separate database schema against concerned userid or should I store it somewhere else?

Recommended answer

JWTs do not need to be stored on the server side. When you create a JWT, you encrypt it using a secret - think of this as the "password." Then you send it to the client where it can be stored.

When the client makes a request, it sends the JWT along with it. On the server side, you can then decrypt it using the same secret. If the secret does not work, you know it is an invalid JWT.

For obvious reasons, your JWT secret should be kept secret! The best way to do this is to store it as an environment variable.
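
An added example (not part of the original answer): stateless issue and verification of an HS256 JWT in Node.js using only the built-in `crypto` module, so the server keeps just the secret. With HS256 the token is HMAC-signed rather than encrypted: the payload is readable base64url, and verification recomputes the signature. `JWT_SECRET`, `loadSecret`, `signToken` and `verifyToken` are names assumed for this example.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const unb64url = (s) => Buffer.from(s, "base64url").toString("utf8");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// The secret comes from the environment, as the answer suggests. JWT_SECRET is an
// assumed name; RFC 7518 requires an HS256 key of at least 256 bits (32 bytes).
function loadSecret(env = process.env) {
  if (!env.JWT_SECRET || Buffer.byteLength(env.JWT_SECRET) < 32) {
    throw new Error("JWT_SECRET is missing or shorter than 32 bytes");
  }
  return env.JWT_SECRET;
}

// Issue header.payload.signature; the server stores nothing per token.
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Return the claims if the token verifies, otherwise null.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm instead of trusting the token's own header (e.g. "none").
    if (JSON.parse(unb64url(header)).alg !== "HS256") return null;
    // Recompute the signature and compare in constant time.
    const expected = Buffer.from(b64url(hmac(`${header}.${payload}`, secret)));
    const given = Buffer.from(sig);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(unb64url(payload));
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```

Because nothing is stored per token, a token issued this way stays valid until its `exp`, so the lifetime passed to `signToken` is the only bound on its use.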
