What's the difference between JWTs and Bearer Token?

Question

I'm learning something about Authorization like Basic, Digest, OAuth2.0, JWTs, and Bearer Token.

Now I have a question.

You know that JWTs are being used as an Access_Token in the OAuth2.0 standard. JWTs appear in RFC 7519, and Bearer Token is in RFC 6750.

For example, the Bearer:

Authorization: Bearer <token>

I used to send the token to the server by AJAX or add the token to the query string of the URL. I know that a token can also be sent by adding it to a request header. Does that mean that the token should be added to the Authorization Bearer header?

Could you please tell me the relationship between JWTs and Bearer Token? Thanks a lot.

Recommended answer

JWT is an encoding standard for tokens that contains a JSON data payload that can be signed and encrypted.

JWT can be used for many things, among those are bearer tokens, i.e. a piece of information that you can present to some service that by virtue of you having it (you being the "bearer") grants you access to something.

Bearer tokens can be included in an HTTP request in different ways, one of them (probably the preferred one) being the Authorization header. But you could also put it into a request parameter, a cookie or the request body. That is mostly between you and the server you are trying to access.
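
Added example, not part of the original answer: a server-side sketch that separates the two ideas, with "Bearer" as the way the token travels in the Authorization header and JWT as one possible format of that token. The function names, the HS256 choice and the sample key are assumptions made for illustration; claim checks such as expiry and audience are left out.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def bearer_from_header(value: str):
    """Token from an 'Authorization: Bearer <token>' value, else None."""
    parts = value.split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None

def make_jwt_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256-signed JWT (stands in for the issuer)."""
    segs = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
            for part in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(segs)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_jwt_hs256(token: str, key: bytes):
    """Decoded claims if token is a JWT with a valid HS256 signature, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # not header.payload.signature: an opaque bearer token
    try:
        header = json.loads(b64url_decode(parts[0]))
        sig = b64url_decode(parts[2])
        # Pin the algorithm on the server; do not let the token header pick it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None
        return json.loads(b64url_decode(parts[1]))
    except ValueError:
        return None  # malformed base64 or JSON

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    header_value = "Bearer " + make_jwt_hs256({"sub": "alice"}, key)
    print(verify_jwt_hs256(bearer_from_header(header_value), key))
    print(verify_jwt_hs256(bearer_from_header("Bearer opaque-token-123"), key))
```

An opaque string is still a valid bearer token; the server would then look it up in its own store instead of verifying a signature.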
