jwt helloworld

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within them, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

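JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for passing claims between parties in a web application environment. The token is designed to be compact and secure, and is particularly suited to single sign-on (SSO) across distributed sites. JWT claims are generally used to pass the authenticated user's identity between an identity provider and a service provider so that resources can be obtained from a resource server; additional claims required by other business logic can also be added. The token can also be used directly for authentication, and it can be encrypted.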

local pyjwt test

# pip install pyjwt
import jwt

# The payload matches the output shown below.
encoded_jwt = jwt.encode({'hello': 'world~'}, 'secret', algorithm='HS256')
# Pin the accepted algorithms when decoding.
decoded_jwt = jwt.decode(encoded_jwt, 'secret', algorithms=['HS256'])
print(encoded_jwt)
print(decoded_jwt)

Output (PyJWT 1.x returns bytes from encode(); 2.x returns str):
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkfiJ9.Pm0vaMVKxSFn4T8iNWiqqH5ZJ42yRgwfr86zuak1A4g'
{'hello': 'world~'}
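
To show what the signature in the output above does and does not protect, here is an added example (not from the original post and not PyJWT's code) that rebuilds HS256 signing and verification with only the Python standard library. The function names are this example's own; PAGE_TOKEN is the token printed above, and the key and the forged claim are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Token printed in the PyJWT output above (taken from the page, not generated here).
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
              "eyJoZWxsbyI6IndvcmxkfiJ9."
              "Pm0vaMVKxSFn4T8iNWiqqH5ZJ42yRgwfr86zuak1A4g")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    segs = [b64url_encode(json.dumps(p, separators=(",", ":")).encode("utf-8"))
            for p in (header, claims)]
    signing_input = ".".join(segs)
    return signing_input + "." + b64url_encode(mac(signing_input, key))

def peek_claims(token: str) -> dict:
    # No key needed: a signed JWT is encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes) -> dict:
    header_seg, payload_seg, sig_seg = token.split(".")  # ValueError if not 3 parts
    header = json.loads(b64url_decode(header_seg))
    # Pin the algorithm, like algorithms=['HS256'] in jwt.decode above.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = mac(header_seg + "." + payload_seg, key)
    if not hmac.compare_digest(b64url_decode(sig_seg), expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_seg))

if __name__ == "__main__":
    token = sign_hs256({"hello": "world~"}, b"secret")  # constructed sample
    print(peek_claims(PAGE_TOKEN), verify_hs256(token, b"secret"))
    head, body, sig = token.split(".")
    forged = ".".join([head, b64url_encode(b'{"hello":"admin"}'), sig])
    try:
        verify_hs256(forged, b"secret")
    except ValueError as exc:
        print("rejected:", exc)
```

The claims of any signed token are readable without the key, so nothing confidential belongs in the payload; only a verifier that holds the key and pins the algorithm can tell a genuine token from an edited one.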

djangorestframework-jwt

# pip install djangorestframework-jwt
# settings.py
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}
# urls.py
# obtain token
from django.conf.urls import url
from rest_framework_jwt.views import obtain_jwt_token
#...
urlpatterns = [
    # ...
    url(r'^api-token-auth/', obtain_jwt_token),
]

# shell: obtain a token (form-encoded or JSON body), then call a protected URL with it
curl -X POST -d "username=admin&password=password123" http://localhost:8000/api-token-auth/
curl -X POST -H "Content-Type: application/json" -d '{"username":"xiaoli","password":"1"}' http://localhost/api-token-auth/
curl -H "Authorization: JWT <your_token>" http://localhost:8000/protected-url/

# urls.py
# refresh token
from rest_framework_jwt.views import refresh_jwt_token
#  ...
urlpatterns = [
    #  ...
    url(r'^api-token-refresh/', refresh_jwt_token),
]

# shell: exchange an existing token for a refreshed one
curl -X POST -H "Content-Type: application/json" -d '{"token":"<EXISTING_TOKEN>"}' http://localhost:8000/api-token-refresh/

# urls.py
# verify token
from rest_framework_jwt.views import verify_jwt_token
#...
urlpatterns = [
    #  ...
    url(r'^api-token-verify/', verify_jwt_token),
]

# shell: ask the server whether a token is still valid
curl -X POST -H "Content-Type: application/json" -d '{"token":"<EXISTING_TOKEN>"}' http://localhost:8000/api-token-verify/

# manual creation
from rest_framework_jwt.settings import api_settings

jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER

# user: an existing Django user instance (for example, request.user)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
https://pyjwt.readthedocs.io/en/latest/

https://jpadilla.github.io/django-rest-framework-jwt/

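Original content statement: this article is published on the Cloud+ Community (云+社区) with the author's authorization and may not be reproduced without permission.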
