@duanyubin 2017-05-24T07:51:09.000000Z 字数 638 阅读 377

JSONWEBTOKEN

NODE

What can jsonwebtoken do

LOGIN

Composition

HEADER.PAYLOAD.VERIFY SIGNATURE

structure

ALGORITHM & TOKEN TYPE

PAYLOAD

DATA

VERIFY SIGNATURE

signature of two fields above

Advantage

No need for cookies

Securely

Easy to use

How to use

Client request

POST /login HTTP/1.1
...
name=ybudan&password=123456

Server verify and generate signature

const person = await DB.model('person').find({ where: { email, password } })
if (person) {
  ctx.body = await sign({ DATA }, 'SECRET KEY', {
    expiresIn: '7 days'
  })
}

Client receive response and save token in localStorage

Everytime reopen the website, take token from localStorage and decode it

const token = localStorage.getItem('token')
const authToken = decode(token)

JSONWEBTOKEN

What can jsonwebtoken do

Composition

HEADER

PAYLOAD

VERIFY SIGNATURE

Advantage

No need for cookies

No need for sharing session

Securely

Easy to use

How to use

Client request

Server verify and generate signature

Client receive response and save token in localStorage

Everytime reopen the website, take token from localStorage and decode it

内容目录