Token-based authentication keeps the server stateless!
Stateful means the server maintains the client's state, so whenever the client requests something, the server checks that state (the state is saved in a session). A stateful server keeps authentication data in memory.
Stateless means no state is saved on the server. It only checks the inputs from the client and does not keep anything about authentication in memory.
A JWT can be sent in an HTTP header or as a URL parameter.
JWT is usually used for user authentication and information exchange (e.g. making sure the information has not been modified).
How does it look?
aaaaaa.bbbbbb.cccccccc
header.payload.signature
The header has two kinds of data: typ (type) and alg (hashing algorithm)
{
"typ": "JWT",
"alg": "HS256"
}
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
The payload holds the data that the token will contain
// Claims carried by the token
const payload = {
"iss": "velopert.com",
"exp": "123415214",
"https://velopert.com/jwt_claims/is_admin": true,
"userId": "123124214",
"username": "velopert"
};
.eyJpc3MiOiJ2ZWxvcGVydC5jb20iLCJleHAiOiIxNDg1MjcwMDAwMDAwIiwiaHR0cHM6Ly92ZWxvcGVydC5jb20vand0X2NsYWltcy9pc19hZG1pbiI6dHJ1ZSwidXNlcklkIjoiMTEwMjgzNzM3MjcxMDIiLCJ1c2VybmFtZSI6InZlbG9wZXJ0In0
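The signature, as the name says, is the signature of the token: it is computed over the encoded header and payload with a secret key.
const crypto = require('crypto');
// HMAC-SHA256 over "<encodedHeader>.<encodedPayload>", encoded as unpadded base64url
const signature = crypto.createHmac('sha256', 'secret')
.update(encodedHeader + '.' + encodedPayload)
.digest('base64')
.replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');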
WE5fMufM0NDSVGJ8cAolXGkyB5RmYwCto1pQwDIqo2w
Full JWT
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
.eyJpc3MiOiJ2ZWxvcGVydC5jb20iLCJleHAiOiIxNDg1MjcwMDAwMDAwIiwiaHR0cHM6Ly92ZWxvcGVydC5jb20vand0X2NsYWltcy9pc19hZG1pbiI6dHJ1ZSwidXNlcklkIjoiMTEwMjgzNzM3MjcxMDIiLCJ1c2VybmFtZSI6InZlbG9wZXJ0In0
.WE5fMufM0NDSVGJ8cAolXGkyB5RmYwCto1pQwDIqo2w
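What the server does with such a token, as an added example that is not part of the original post: it recomputes the signature, compares it in constant time, and only then trusts the payload. It assumes Node.js, a numeric exp in seconds, and constructed sample claims; sign, verify and tamper are illustrative names.

```javascript
const crypto = require('crypto');

// Unpadded base64url, the encoding used for all three parts of the token.
const b64url = (input) => Buffer.from(input).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

const hmac = (data, secret) =>
  b64url(crypto.createHmac('sha256', secret).update(data).digest());

function sign(payload, secret) {
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret)}`;
}

// Returns the payload if the token is authentic and unexpired, otherwise null.
function verify(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = Buffer.from(hmac(`${header}.${body}`, secret));
  const given = Buffer.from(sig);
  // Constant-time comparison; timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const decode = (s) => JSON.parse(Buffer.from(s, 'base64').toString('utf8'));
    // Pin the algorithm instead of trusting whatever the header names.
    if (decode(header).alg !== 'HS256') return null;
    const payload = decode(body);
    if (typeof payload.exp === 'number' && payload.exp <= nowSec) return null;
    return payload;
  } catch (e) {
    return null; // malformed JSON in header or payload
  }
}

// A client can rewrite the payload but, without the secret, cannot re-sign it.
function tamper(token, changes) {
  const [header, body, sig] = token.split('.');
  const claims = JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
  return `${header}.${b64url(JSON.stringify({ ...claims, ...changes }))}.${sig}`;
}

// Constructed sample claims.
const token = sign({ username: 'velopert', is_admin: false, exp: 4102444800 }, 'secret');
const forged = tamper(token, { is_admin: true });
console.log(verify(token, 'secret'));   // the payload object
console.log(verify(forged, 'secret'));  // null
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read it; the signature protects integrity, not confidentiality.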