search

Home >Backend Development >PHP Problem >How to generate php token

How to generate php token

(*-*)浩
(*-*)浩Original
2019-10-12 14:13:326368browse

Separating the front and back ends or in order to support multiple web applications, there will be big problems in using the original cookies or sessions

Cookie and session authentication need to be under the same primary domain name Authentication can be performed (currently, the session can be stored in redis for solution).

How to generate php token

Solution

##oauth2 and jwt (recommended learning:

PHP video tutorial)

jwt: It is a security standard. The basic idea is that the user provides the user name and password to the authentication server, and the server verifies the legitimacy of the information submitted by the user; if the verification is successful, a token (token) will be generated and returned

OAuth2: It is a secure authorization framework . It describes in detail how to achieve mutual authentication between different roles, users, service front-end applications (such as API), and clients (such as websites or mobile APPs) in the system. (JWT, this JSON Web Token is used here for authentication)

Generation method

Header: Encryption type

Description: Message Content

key: a random code used for encryption

Use the above three parts, connect them, and then use hs256 to encrypt and generate token

Detailed generation method

1). The header usually consists of two parts: the type of token (i.e. JWT) and the encryption algorithm used (such as: SHA256 or RSA) 

{
      "alg": "HS256",
      "typ": "JWT"
}

Then, this The json is Base64Url encoded and becomes the first part

2). The payload is the declaration. The declaration is about the entity. 

{
      "exp": "1525785339",
      "sub": "1234567890",
      "name": "John Doe",
      "admin": true
}

The payload is then Base64Url encoded and becomes the second part

(PS: This information, although protected from tampering, can be read by anyone. Do not put important information inside unless it is encrypted )

3). Use an encryption key

4). To sign, you need to use the first encoded part, the second encoded part, and then a key key. Use the encryption algorithm in the first part to sign 

HMACSHA256(
          base64UrlEncode(header) + "." + base64UrlEncode(payload),
          key
)

This signature is used to verify whether the message has been tampered with.

(PHP uses the crypt method for encryption. Note: SHA-256 is used to prevent tampering, and AES-256 is used to encrypt. The two concepts are different)

The above is the detailed content of How to generate php token. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:What editor should I use to open php files?Next article:What editor should I use to open php files?

Related articles

See more