
Bearer before token in JWT

I have noticed the convention is to send a JWT in the header under the field Authorization. The standard is to send the token as such:

Authorization:Bearer [token]

My question is: why do I need to put the Bearer part? Why not just:

Authorization:[token]

When I receive the first request I need to parse every request to get rid of the Bearer when I verify my JWT. What is the point of this?

It was started in the HTTP 1.0 standard, which added the Authorization: Basic.

Then some other popular protocols (/frameworks) popularised other kinds of authentication, like OAuth's Authorization: Bearer.

Practically, the HTTP standard (both "obsolete" and "more modern") declares it as

Authorization = "Authorization" ":" credentials

without any constraints on how the credentials are to be shaped.

So it is up to you what you put there, as long as it works for you.
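An added example, not part of the original question or answer: a server-side helper that splits the scheme from the credentials, so one endpoint can tell Basic from Bearer and only hands a well-formed token to JWT verification. The function names and sample header values are constructed for illustration; the token character set follows the b64token syntax of RFC 6750.

```python
import re

# b64token from RFC 6750 section 2.1:
# 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class AuthHeaderError(ValueError):
    """The Authorization header is absent or not usable as a bearer credential."""


def parse_authorization(header_value):
    """Split a raw Authorization field value into (scheme, credentials).

    The scheme is lower-cased because auth schemes are case-insensitive.
    header_value is whatever your framework returns for the header
    (hypothetical input), or None when the header is absent.
    """
    if header_value is None:
        raise AuthHeaderError("missing Authorization header")
    scheme, _, rest = header_value.strip().partition(" ")
    return scheme.lower(), rest.strip(" ")


def extract_bearer_token(header_value):
    """Return the bearer token, rejecting other schemes and malformed values."""
    scheme, credentials = parse_authorization(header_value)
    if scheme != "bearer":
        # Covers "Basic ..." as well as a bare token sent without any scheme.
        raise AuthHeaderError("unsupported or missing auth scheme")
    if not _B64TOKEN.fullmatch(credentials):
        # Empty token, embedded whitespace, or characters outside b64token.
        raise AuthHeaderError("malformed bearer token")
    return credentials


if __name__ == "__main__":
    # Constructed sample header values; none of these is a real credential.
    samples = ["Bearer aaa.bbb.ccc", "bearer   aaa.bbb.ccc",
               "Basic dXNlcjpwYXNz", "aaa.bbb.ccc", "Bearer aaa bbb", "Bearer"]
    for value in samples:
        try:
            print(repr(value), "->", extract_bearer_token(value))
        except AuthHeaderError as exc:
            print(repr(value), "-> rejected:", exc)
```

The returned string is still an unverified token; signature and claim checks happen afterwards in the JWT library.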
