
php - Doubts about using JWT

  1. Using JWT for API verification, how to design the logic of token refresh? Save the generated token and a refresh token?

  2. Does JWT also need to save the generated token? When users reapply for tokens, change passwords and perform other operations, clear the original token?

OAuth and JWT are a bit confusing.

PHP中文网 · 2771 days ago


  • 漂亮男人 2017-05-16 13:19:13

    JSON Web Token

    JWT is a very lightweight specification. This specification allows us to use JWT to pass secure and reliable information between users and servers.

    For example: when user A follows user B, the system sends an email to user B with a link "Click here to follow user A". The link address can be like this:

    https://your.awesome-app.com/make-friend/?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VzZXIiOiJCIiwidGFyZ2V0X3VzZXIiOiJBIn0.rSWamyAYwuHCo7IFAgd1oRpSP7nzL7BF5t7ItqpKViM

    See http://blog.leapoahead.com/20….

    OAuth

    OAuth is an open network standard for authorization.

    For example: There is a "cloud printing" website that can print out photos stored by users on Google. In order to use this service, users must let "Cloud Print" read their photos stored on Google. The problem is that Google will only allow "Cloud Print" to read these photos with the user's authorization. So, how does "Cloud Printing" obtain the user's authorization?

    See http://www.ruanyifeng.com/blo….

    So

    Both use tokens to verify whether the request is safe.

    However, the two should not be confused, because one is a bird and the other is a cannon.

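The signed-link idea from the answer above, as an added example that is not part of the original post or its author's code: an HS256 token for the make-friend link is issued and then checked using only a server-side secret, with the algorithm pinned and the signature compared in constant time. The secret value, the `exp` claim and all helper names are assumptions made for illustration.

```php
<?php
// Added example. Secret, exp claim and helper names are assumptions, not from the post.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore stripped padding
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

function jwt_sign(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    $sig  = hash_hmac('sha256', "$head.$body", $secret, true);
    return "$head.$body." . b64url_encode($sig);
}

// Returns the claims when the token is authentic and unexpired, otherwise null.
function jwt_verify(string $jwt, string $secret, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64url_decode($head), true);
    // Pin the algorithm; the token must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) return null;         // constant-time compare
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] > $now ? $claims : null;
}

$secret = 'constructed-demo-secret';                        // constructed; load from config in practice
$now    = time();
$claims = ['from_user' => 'B', 'target_user' => 'A', 'exp' => $now + 3600];
$jwt    = jwt_sign($claims, $secret);
echo "https://your.awesome-app.com/make-friend/?jwt=$jwt\n";

// Case 1: the token exactly as issued.
var_dump(jwt_verify($jwt, $secret, $now));
// Case 2: payload edited after signing, original signature reused.
[$h, , $s] = explode('.', $jwt);
$edited = b64url_encode(json_encode(['target_user' => 'C'] + $claims));
var_dump(jwt_verify("$h.$edited.$s", $secret, $now));
// Case 3: the same token presented after its exp time.
var_dump(jwt_verify($jwt, $secret, $now + 7200));
```

The payload segment is only base64url-encoded, not encrypted, so anyone holding the link can read the claims; the signature protects integrity, not confidentiality.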