Home >Backend Development >PHP Tutorial >做php app接口时,怎么验证app

做php app接口时,怎么验证app

WBOY
WBOYOriginal
2016-06-06 20:16:211382browse

做php app接口时,怎么验证app

回复内容:

做php app接口时,怎么验证app

1.在登陆验证通过的时候,服务端生成一个token令牌,令牌包含用户身份和过期时间等信息,然后返回给前端,存在cookie里;
2.后面app端请求数据接口时,将令牌带上,服务端解码验证,通过则允许调用。

JWT具体实现方案:
http://blog.leapoahead.com/2015/09/07/user-authentication-with-jwt/

http://blog.leapoahead.com/2015/09/06/understanding-jwt/

当然这种实现方案就像一楼说的,还是有被模拟提交的可能性,不过已经算是比较安全了,更高的可能需要加密app,https防止抓包等

可以通过设置指定UA、参数签名加密等方式验证App。不过这些都并不完全可靠,因为App程序是对外公开的,原则上都有被反编译的可能,可就是说有被模拟提交的可能。

公钥私钥:私钥做签名公钥验证

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn