https://jwt.io/
https://jpadilla.github.io/django-rest-framework-jwt/
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
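JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for passing claims between web application environments. The token is designed to be compact and secure, and is particularly suited to single sign-on (SSO) across distributed sites. JWT claims are typically used to pass the authenticated user's identity between an identity provider and a service provider so that resources can be obtained from a resource server; additional claims required by other business logic can also be added. The token can be used directly for authentication, and it can also be encrypted.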
local pyjwt test
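```python
# pip install pyjwt
import jwt

# Sign the claims with a shared secret (HMAC-SHA256).
encoded_jwt = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
# Verify the signature; `algorithms` is the allow-list of accepted algorithms.
decoded_jwt = jwt.decode(encoded_jwt, 'secret', algorithms=['HS256'])
# PyJWT 1.x returns bytes from encode(); PyJWT 2.x returns str.
# The sample output below was produced with the payload {'hello': 'world~'}.
print(encoded_jwt)
print(decoded_jwt)
```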
```
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkfiJ9.Pm0vaMVKxSFn4T8iNWiqqH5ZJ42yRgwfr86zuak1A4g'
{'hello': 'world~'}
```
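Added example (not from the original post and not PyJWT's own code): a standard-library sketch of HS256 signing and verification that mirrors the checks behind the sample above. It shows that the claims of a signed token are readable without the key, while a changed payload, a wrong secret, an unexpected `alg` header or a passed `exp` is rejected. The function names are illustrative assumptions; `PAGE_TOKEN` is the token from the sample output.

```python
import base64, hashlib, hmac, json, time

# Token printed in the post's sample output (copied from the page).
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkfiJ9."
              "Pm0vaMVKxSFn4T8iNWiqqH5ZJ42yRgwfr86zuak1A4g")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(_mac(secret, signing_input))

def peek_claims(token: str) -> dict:
    """Read claims with no key at all: a signed token is not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims only if alg, signature and exp all check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm (the post's algorithms=['HS256']); never trust the header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(secret, f"{head}.{body}"), given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    exp = claims.get("exp")
    if exp is not None and (now if now is not None else time.time()) >= exp:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    tok = sign_hs256({"user": "readme", "exp": int(time.time()) + 86400}, b"secret")
    print(peek_claims(PAGE_TOKEN), verify_hs256(tok, b"secret"))
```

Because `peek_claims` succeeds on the page's token without any secret, nothing confidential belongs in the payload of a signed-only JWT.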
djangorestframework-jwt
```shell
pip install djangorestframework-jwt
```
```python
# ------------------------------------------------------------ #
# settings.py DRF JWT
# ------------------------------------------------------------ #
import datetime

REST_FRAMEWORK = {
    # Authentication classes are tried in order; JWT first.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}

JWT_AUTH = {
    # Lifetime of an issued token.
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    # Clients send "Authorization: Bearer <token>".
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',
    'JWT_PAYLOAD_HANDLER':
        'rest_framework_jwt.utils.jwt_payload_handler',
    # Allow a still-valid token to be exchanged at the refresh endpoint.
    'JWT_ALLOW_REFRESH': True,
}

# ------------------------------------------------------------ #
# urls.py path
# ------------------------------------------------------------ #
from django.contrib import admin
from django.urls import path
from rest_framework_jwt.views import (
    obtain_jwt_token,
    verify_jwt_token,
    refresh_jwt_token,
)

urlpatterns = [
    path('admin/', admin.site.urls),
    path('login', obtain_jwt_token, name='login'),      # issue a token
    path('verify', verify_jwt_token, name='verify'),    # check a token
    path('refresh', refresh_jwt_token, name='refresh'), # renew a token
]
```
```shell
curl -X POST -d "username=readme&password=2" http://127.0.0.1:8000/login
```
still pending