[英]Bearer before token in JWT
I have noticed the convention is to send a JWT in the header under the field Authorization.我注意到约定是在字段 Authorization 下的标头中发送 JWT。 The standard is to send the token as such:标准是这样发送令牌:
Authorization:Bearer [token]
My question is why do I need to put the Bearer part why not just:我的问题是为什么我需要放置 Bearer 部分,为什么不只是:
Authorization:[token]
When I receive the first request I need to parse every request to get rid of the Bearer when I verify my JWT.当我收到第一个请求时,我需要在验证我的 JWT 时解析每个请求以摆脱 Bearer。 What is the point of this?这有什么意义?
It was started in the HTTP 1.0 standard, that added the Authorization: Basic
.它始于 HTTP 1.0 标准,添加了Authorization: Basic
。
Then some other popular protocols (/frameworks) popularised other kinds of authentication, like OAuth's Authorization: Bearer
.然后一些其他流行的协议(/frameworks)普及了其他类型的身份验证,例如OAuth 的Authorization: Bearer
。
Practically, the HTTP standard (both "obsolete" and "more modern" ) declare it as实际上,HTTP 标准( “过时”和“更现代” )将其声明为
Authorization = "Authorization" ":" credentials
without any constraints on how the credentials
to be shaped.对如何塑造credentials
没有任何限制。
So it is up to you on what you put there, as soon as it works for you.因此,只要它适合您,您就可以决定放在那里的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.