Web API 身份验证基本与承载 [英] Web API Authentication Basic vs Bearer

问题描述

我在我的 Web API 应用程序中创建了基于 JWT 的身份验证.我无法弄清楚两者之间的区别

I have created JWT based Authentication in my Web API application. I am not able to figure out the difference between

1. 基本令牌
2. 不记名令牌

有人可以帮帮我吗?

推荐答案

Basic 和 Digest 身份验证方案专用于使用用户名和密码进行身份验证(请参阅 RFC7616 和 RFC7617).

The Basic and Digest authentication schemes are dedicated to the authentication using a username and a secret (see RFC7616 and RFC7617).

Bearer 身份验证方案专用于使用令牌进行身份验证，并由 RFC6750.即使此方案来自 OAuth2 规范，您仍然可以在客户端和服务器之间交换令牌的任何其他上下文中使用它.

The Bearer authentication scheme is dedicated to the authentication using a token and is described by the RFC6750. Even if this scheme comes from an OAuth2 specification, you can still use it in any other context where tokens are exchange between a client and a server.

关于 JWT 认证，因为它是一个令牌，所以最好的选择是 Bearer 认证方案.尽管如此，没有什么能阻止您使用适合您要求的自定义方案.

Concerning the JWT authentication and as it is a token, the best choice is the Bearer authentication scheme. Nevertheless, nothing prevent you from using a custom scheme that could fit on your requirements.

这篇关于Web API 身份验证基本与承载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！