什么是基于令牌的认证? [英] What is token based authentication?
问题描述
我想明白基于令牌的认证方式。我在网上搜索,但找不到任何可以理解的。
I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.
推荐答案
我认为这是很好的解释<一个href=\"http://www.w3.org/2001/sw/Europe/events/foaf-galway/papers/fp/token%5Fbased%5Fauthentication/\">here - 报价只是长篇文章的关键语句:
I think it's well explained here -- quoting just the key sentences of the long article:
背后的一般概念
基于令牌的认证系统是
简单。允许用户输入他们的
为了用户名和密码
获得令牌,该令牌允许他们
获取特定的资源 - 无
用他们的用户名和密码。
一旦得到他们的道理,
用户可提供该令牌 - 这
提供访问特定资源
一段时间 - 至远程
站点。
The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password. Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site.
在换句话说:加一层间接验证 - 不必为每个受保护的资源的用户名和密码进行身份验证,用户验证这样一次(限期会话内),获得一个有时间限制令牌的回报,并使用该令牌的认证处理会议期间。
In other words: add one level of indirection for authentication -- instead of having to authenticate with username and password for each protected resource, the user authenticates that way once (within a session of limited duration), obtains a time-limited token in return, and uses that token for further authentication during the session.
有许多优势 - 例如,用户可以通过该令牌,一旦他们知道的话,就到一些其他的自动化系统,他们愿意在有限的时间和有限资源的信任,但会不可以愿意(直到他们改变自己的密码,即,与每一个他们允许访问的资源,直到永远,或者至少)与他们的用户名和密码信任。
Advantages are many -- e.g., the user could pass the token, once they've obtained it, on to some other automated system which they're willing to trust for a limited time and a limited set of resources, but would not be willing to trust with their username and password (i.e., with every resource they're allowed to access, forevermore or at least until they change their password).
如果事情还不清楚,请编辑您的问题,以澄清究竟是不是100%的清楚你,我敢肯定,我们可以进一步帮助你。
If anything is still unclear, please edit your question to clarify WHAT isn't 100% clear to you, and I'm sure we can help you further.
这篇关于什么是基于令牌的认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
