CN110351265A - JWT-based authentication method, computer-readable medium and system - Google Patents
- Publication number
- CN110351265A, CN201910591643.0A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
The present invention relates to a JWT-based authentication method comprising the following steps. Step S1: output Tokens based on JWT technology and generate a Token database. Step S2: the client sends a login request, and the server allocates a Token to be authenticated from the Token database to the client. Step S3: selectively mark the allocated Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated. Step S4: obtain the Token to be authenticated that matches the login request entered at the client. Step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails, and if the match does not succeed, authentication succeeds. By adding verification against invalidated Tokens, the user can mark an allocated Token to be authenticated according to the user's own circumstances, and the invalid Token library is then generated from the marked Tokens to be authenticated, which increases the security of the user's authentication. The present invention also provides a computer-readable medium. The present invention also provides an authentication system.
Description
[technical field]
The present invention relates to the field of authentication, and more particularly to a JWT-based authentication method, computer-readable medium and system.
[background art]
There are currently two mainstream approaches to authentication and authorization. The first requires the server to retain Session information (a server-side system). This approach goes furthest in preventing unauthorized access caused by clients forging authentication information, and it also allows flexible control over the expiry and invalidation of a user's authentication. The Sessions stored on the server must be quick to read, and the number of Sessions grows linearly with the number of active users. When a large number of users arrive in a burst, storing and processing Sessions consumes substantial resources; if capacity is expanded insufficiently or not in time, problems such as slow processing or a system crash may result.
The other approach uses JWT (JSON Web Token, a token that asserts an identity on a network): information such as the user's unique identifier and permissions is formed into a Token and stored on the client. This severs the link between the resources Sessions require and the number of active users, avoids the drawbacks of the Session scheme under high concurrency, and, because the server does not need to store Sessions, in theory allows unlimited horizontal scaling. However, with JWT technology an Access Token cannot be modified once it has been issued. During this period, anyone else who holds the user's Access Token can use it to access the server, until the Access Token passes its validity period and a new Access Token is refreshed out with the Refresh Token; only then can other users no longer use the Access Token to access the server. There is therefore a security risk before the Access Token expires.
[summary of the invention]
To overcome the problems of the prior art, the present invention provides a JWT-based authentication method, computer-readable medium and system.
The solution the present invention adopts to the technical problem is to provide a JWT-based authentication method comprising the following steps: step S1: output Tokens based on JWT technology and generate a Token database; step S2: the client sends a login request, and the server allocates a Token to be authenticated from the Token database to the client; step S3: selectively mark the allocated Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated; step S4: obtain the Token to be authenticated that matches the login request entered at the client; step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails, and if the match does not succeed, authentication succeeds.
Preferably, step S3, selectively marking the allocated Token and generating an invalid Token library from the marked Token, further comprises: step S21: selectively mark the allocated Token to be authenticated; step S22: generate an invalid Token library from the marked Tokens to be authenticated.
Preferably, the Token includes an Access Token and a Refresh Token; the Access Token is used for logging in, and the Refresh Token is used to refresh the Access Token.
Preferably, in the above step S1, the Access Token is output based on JWT technology in combination with the user information and the validity period of the Access Token.
Preferably, in the above step S1, the Refresh Token is output based on JWT technology in combination with the validity period of the Refresh Token.
Preferably, before step S5, in which the Token to be authenticated is matched against the Tokens in the invalid Token library and authentication fails if the match succeeds and succeeds if it does not, the method further comprises the following steps: step S501: verify whether the Access Token to be authenticated is legal; if it is legal, proceed to step S502; if it is illegal, authentication fails; and step S502: verify whether the Access Token to be authenticated is within its validity period; if so, proceed to step S5; if not, authentication fails.
The present invention also provides a computer-readable medium, characterized in that a computer program is stored in the computer-readable medium, wherein the computer program is configured to execute the above authentication method when run.
The present invention also provides an authentication system comprising: a database module, configured to output Tokens based on JWT technology and generate a Token database; a distribution module, configured such that the client sends a login request and the server allocates a Token from the Token database to the client; an invalid Token library module, configured to selectively mark the allocated Token and generate an invalid Token library from the marked Token; a read module, configured to obtain the Token to be authenticated that matches the login request entered at the client; and an invalidation verification module, configured to match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails, and if the match does not succeed, authentication succeeds.
Preferably, the invalid Token library module further comprises: a marking unit, configured to selectively mark the allocated Token; and a generation unit, configured to generate an invalid Token library from the marked Token.
Preferably, the authentication system further comprises: a legality verification module, configured to verify whether the obtained Access Token is legal; if it is legal, control passes to the expiry verification module; if it is illegal, authentication fails; and an expiry verification module, configured to verify whether the obtained Token is within its validity period; if so, control passes to the invalidation verification module; if not, authentication fails.
Compared with the prior art, the authentication method, computer-readable medium and authentication system of the present invention have the following advantages:
1. Verification against invalidated Tokens is added to existing JWT technology, so that the user can mark an allocated Token to be authenticated according to the user's own circumstances, and the invalid Token library is then generated from the marked Tokens to be authenticated, which increases the security of the user's authentication. Meanwhile, matching the Token to be authenticated against the Tokens in the invalid Token library reduces the resources the server consumes when matching.
2. To verify whether a Token has been invalidated, the Access Token to be authenticated that the user entered need only be compared with the Tokens in the invalid Token library, without matching it against the entire Token database, which reduces the resources the server consumes when matching.
3. The authentication method is stored in a computer program so that the computer-readable medium can run the computer program to carry out authentication.
4. A database module, a distribution module, an invalid Token library module, a read module and an invalidation verification module are provided in the authentication system, so that the authentication system is able to carry out authentication.
[description of the drawings]
Fig. 1 is a flow diagram of the JWT-based authentication method of the first embodiment of the present invention.
Fig. 2 is a flow diagram of step S2 in the JWT-based authentication method of the first embodiment of the present invention.
Fig. 3 is a diagram of the verification flow of the JWT-based authentication method of the first embodiment of the present invention.
Fig. 4 is a module diagram of the first part of the authentication system of the third embodiment of the present invention.
Fig. 5 is a module diagram of the invalid Token library module in the authentication system of the third embodiment of the present invention.
Fig. 6 is a module diagram of the second part of the authentication system of the third embodiment of the present invention.
Description of reference numerals: 1, authentication system; 11, database module; 12, distribution module; 13, invalid Token library module; 14, read module; 15, invalidation verification module; 131, marking unit; 132, generation unit; 16, legality verification module; 17, expiry verification module.
[specific embodiments]
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
Referring to Fig. 1, the first embodiment of the present invention provides a JWT-based authentication method comprising the following steps:
Step S1: output Tokens based on JWT technology and generate a Token database;
Step S2: the client sends a login request, and the server allocates a Token to be authenticated from the Token database to the client;
Step S3: selectively mark the allocated Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated;
Step S4: obtain the Token to be authenticated that matches the login request entered at the client;
Step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
First, Tokens are output based on JWT technology, and all output Tokens are stored to generate a Token database. After the client sends a login request to the server, the server allocates a Token to be authenticated from the Token database to the client.
Next, the user selectively marks the allocated Token to be authenticated according to the actual situation, and an invalid Token library is then generated on the server from the marked Tokens to be authenticated.
After the server obtains the Token to be authenticated that matches the login request entered at the client, it matches that Token against the Tokens in the invalid Token library. If the match succeeds, the Token to be authenticated is already in the invalid Token library, that is, it has been invalidated, so authentication fails and the user's login authentication is judged to have failed. If the match fails, the Token to be authenticated is not in the invalid Token library, so authentication succeeds and the user's login authentication is judged to have succeeded.
Further, the Token includes an Access Token and a Refresh Token; the Access Token is used for login authentication, and the Refresh Token is used to refresh the Access Token. Both the Access Token and the Refresh Token output based on JWT technology have a validity period, for example one hour, one day or one week.
The Access Token is output based on JWT technology in combination with the user information and the validity period of the Access Token, and the Refresh Token is output based on JWT technology in combination with the validity period of the Refresh Token. The Access Token and Refresh Token can therefore be used only for a limited time: the Access Token to be authenticated that is allocated to the client can be used only within its validity period. Once that period has passed, the Access Token to be authenticated has expired, authentication with it fails, and the Refresh Token refreshes out a new Access Token.
At this point, when the client sends a login request again, the server allocates a new Access Token to be authenticated from the Token database to the client, and the client can then use the new Access Token to be authenticated for login authentication.
It can be understood that the Access Token to be authenticated is a key consisting of a string of seemingly random characters, and the user information includes the user's user name, user permissions and so on. In existing JWT authentication, once the server has allocated an Access Token to be authenticated from the Token database, that Access Token cannot be modified; it becomes unusable only after it has passed its validity period and the Refresh Token has refreshed it. In view of this, the JWT-based authentication method of the present invention improves on existing JWT authentication: when the Access Token to be authenticated has been given to another person within its validity period and the user later does not want that person to log in, the Access Token that was given away is marked. This invalidates it and blocks the person who received it from logging in with it, which increases the security of authentication.
Referring to Fig. 2, step S3, selectively marking the allocated Token and generating an invalid Token library from the marked Token, further comprises:
Step S21: selectively mark the allocated Token to be authenticated;
Step S22: generate an invalid Token library from the marked Token.
First, the allocated Token is selectively marked, that is, the allocated Access Token to be authenticated is selectively marked so that the marked Access Token enters the invalidated state. Then an invalid Token library is generated from the marked Access Tokens to be authenticated, that is, all marked Access Tokens to be authenticated are stored to form an invalid Token library. When the Access Token to be authenticated that the client enters is then checked for invalidation, it need only be matched against the Access Tokens in the invalid Token library to determine whether it has been invalidated, without matching it against the Access Tokens in the entire Token database, which reduces the resources the server consumes when matching.
The authentication result, namely authentication success or authentication failure, is then obtained from the result of matching the Access Token to be authenticated against the Access Tokens in the invalid Token library.
Referring to Fig. 3, before step S5, in which the Token to be authenticated is matched against the Tokens in the invalid Token library and authentication fails if the match succeeds and succeeds if it does not, the method further comprises the following steps:
Step S501: verify whether the Access Token to be authenticated is legal; if it is legal, proceed to step S502; if it is illegal, authentication fails;
Step S502: verify whether the Access Token to be authenticated is within its validity period; if so, proceed to step S5; if not, authentication fails.
First, whether the Access Token to be authenticated is legal is verified, that is, it is matched against the Access Tokens in the Token database. If the match succeeds, the Access Token to be authenticated is judged legal; otherwise it is judged illegal. When the Access Token to be authenticated is verified as legal, the expiry check is then carried out on it; when it is verified as illegal, the authentication result is reached, namely authentication failure.
Then, whether the Access Token to be authenticated is within its validity period is verified, that is, whether it has expired. If the Access Token to be authenticated is within its validity period, that is, it has not expired, it is then checked for invalidation against the Tokens in the invalid Token library. If it is not within its validity period, that is, it has expired, the authentication result is reached, namely authentication failure.
It can be understood that the legality check verifies whether the Access Token to be authenticated is consistent with a Token on the server: if it is consistent, the Access Token to be authenticated is legal; if it is not, the Access Token to be authenticated is illegal. The expiry check verifies whether the Access Token to be authenticated is within its validity period.
In some application scenarios, a first user uses the client to send a request to log in to the server, and the server allocates an Access Token to be authenticated from the Token database to the first user's client.
A second user, because of work or operational needs, then asks to log in to the server with the first user's user information, so the first user gives the second user the Access Token to be authenticated that the server allocated.
After the first user has given the Access Token to be authenticated to the second user, but before the second user has logged in with it, the first user, out of privacy and security considerations, no longer wants the second user to log in with the first user's user information and Access Token to be authenticated. The first user therefore marks, through the server, the Access Token to be authenticated that was given to the second user, so that it enters the invalid Token library.
Finally, when the second user logs in with the first user's user information and Access Token to be authenticated, the server determines that the Access Token to be authenticated entered by the second user has been invalidated, that is, the second user's authentication fails.
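The verification order of Fig. 3 (S501 legality, S502 expiry, S5 invalid-library match) and the first-user/second-user scenario above, as an added example that is not code from the patent. The HS256 signing, the `Authenticator` class and its method names, the key and the timestamps are assumptions made for illustration; recording each marked Token's expiry so that the invalid Token library can be pruned goes beyond what the text describes.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: HS256 key known only to the server


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


class Authenticator:
    """Hypothetical server holding the Token database and invalid Token library."""

    def __init__(self):
        self.token_db = set()      # S1: every Access Token the server has output
        self.invalid_library = {}  # S3: marked Token -> its exp claim

    def issue(self, user, ttl, now):
        """S1/S2: output an Access Token bound to user info and a validity period."""
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64(json.dumps({"sub": user, "iat": now, "exp": now + ttl}).encode())
        token = f"{header}.{payload}.{_sign(header + '.' + payload)}"
        self.token_db.add(token)
        return token

    def _legal_claims(self, token):
        """S501: return the payload of a legal Token, else None."""
        parts = token.split(".")
        if len(parts) != 3:
            return None
        expected = _sign(parts[0] + "." + parts[1])
        # Added check (assumption): constant-time signature comparison, so the
        # payload is parsed only after its integrity is established.
        if not hmac.compare_digest(expected.encode(), parts[2].encode()):
            return None
        # Legality as the text defines it: the Token matches the Token database.
        if token not in self.token_db:
            return None
        return json.loads(_unb64(parts[1]))

    def mark_invalid(self, token):
        """S3 (S21/S22): mark an allocated Token; it enters the invalid library."""
        claims = self._legal_claims(token)
        if claims is None:
            return False           # unknown strings never grow the library
        self.invalid_library[token] = claims["exp"]
        return True

    def verify(self, token, now):
        """S4 onward: S501 legality, then S502 expiry, then S5 invalid-library match."""
        claims = self._legal_claims(token)
        if claims is None:
            return (False, "illegal")
        if now >= claims["exp"]:
            return (False, "expired")
        if token in self.invalid_library:
            return (False, "invalidated")
        return (True, claims["sub"])

    def prune(self, now):
        """Drop marked Tokens that S502 would already reject; return how many."""
        stale = [t for t, exp in self.invalid_library.items() if exp <= now]
        for t in stale:
            del self.invalid_library[t]
        return len(stale)


def replay_scenario():
    """Constructed timeline: the first user logs in, hands the Token on, then marks it."""
    auth = Authenticator()
    token = auth.issue("first-user", ttl=3600, now=1000)
    results = [auth.verify(token, now=1100)]        # unmarked: any holder is accepted
    auth.mark_invalid(token)                        # first user marks the Token
    results.append(auth.verify(token, now=1200))    # second user's login now fails
    head, _, sig = token.split(".")
    forged_payload = _b64(json.dumps({"sub": "admin", "iat": 1000, "exp": 10**9}).encode())
    results.append(auth.verify(f"{head}.{forged_payload}.{sig}", now=1200))
    results.append(auth.verify(token, now=4600))    # validity period over
    results.append(auth.prune(now=4600))            # the marked entry can be dropped
    return results


if __name__ == "__main__":
    for step in replay_scenario():
        print(step)
```

Because step S502 rejects an expired Token before step S5 is reached, an entry in the invalid Token library is only needed until the marked Token's own expiry, which keeps the library small.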
The second embodiment of the present invention provides a computer-readable medium in which a computer program is stored, wherein the computer program is configured to execute the above authentication method when run.
According to embodiments of the present disclosure, the process described above with reference to the flowcharts may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowcharts. In such embodiments, the computer program may be downloaded and installed from a network via a communication part and/or installed from a removable medium. When the computer program is executed by a central processing unit (CPU), the functions defined in the method of the present application are performed. It should be noted that the computer-readable medium described herein may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present application, a computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in connection with an instruction execution system, apparatus or device. Also in the present application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to: wireless, wire, optical cable, RF, or any suitable combination of the above.
Computer program code for carrying out the operations of the present application may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Referring to Fig. 4, the third embodiment of the present invention provides an authentication system 1 comprising a database module 11, a distribution module 12, an invalid Token library module 13, a read module 14 and an invalidation verification module 15.
The database module 11 is configured such that the server outputs Tokens based on JWT technology and generates a Token database;
The distribution module 12 is configured such that the client sends a login request and the server allocates a Token from the Token database to the client;
The invalid Token library module 13 is configured to selectively mark the allocated Token and generate an invalid Token library from the marked Token;
The read module 14 is configured to obtain the Token to be authenticated that matches the login request entered at the client; and
The invalidation verification module 15 is configured to match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails, and if the match does not succeed, authentication succeeds.
Referring to Fig. 5, the invalid Token library module 13 further comprises a marking unit 131 and a generation unit 132;
The marking unit 131 is configured to selectively mark the allocated Token;
The generation unit 132 is configured to generate an invalid Token library from the marked Token.
Referring to Fig. 6, the authentication system further comprises a legality verification module 16 and an expiry verification module 17;
The legality verification module 16 is configured to verify whether the obtained Access Token is legal; if it is legal, control passes to the expiry verification module; if it is illegal, authentication fails;
The expiry verification module 17 is configured to verify whether the obtained Token is within its validity period; if so, control passes to the invalidation verification module; if not, authentication fails.
Before the invalidation verification module checks the Token to be authenticated for invalidation, the legality verification module 16 is first used to verify whether the Token to be authenticated is legal. After the legality verification module 16 has completed its check, the expiry verification module 17 is used to verify whether the Token to be authenticated has expired. After the expiry verification module 17 has completed its check, the invalidation verification module 15 is finally used to verify whether the Token to be authenticated has been invalidated.
The definitions and related content of the first embodiment apply equally to this embodiment.
Compared with the prior art, the authentication method, computer-readable medium and authentication system of the present invention have the following advantages:
1. Verification against invalidated Tokens is added to existing JWT technology, so that the user can mark an allocated Token to be authenticated according to the user's own circumstances, and the invalid Token library is then generated from the marked Tokens to be authenticated, which increases the security of the user's authentication. Meanwhile, matching the Token to be authenticated against the Tokens in the invalid Token library reduces the resources the server consumes when matching.
2. To verify whether a Token has been invalidated, the Access Token to be authenticated that the user entered need only be compared with the Tokens in the invalid Token library, without matching it against the entire Token database, which reduces the resources the server consumes when matching.
3. The authentication method is stored in a computer program so that the computer-readable medium can run the computer program to carry out authentication.
4. A database module, a distribution module, an invalid Token library module, a read module and an invalidation verification module are provided in the authentication system, so that the authentication system is able to carry out authentication.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. A JWT-based authentication method, characterized in that the method comprises the following steps:
Step S1: output Tokens based on JWT technology and generate a Token database;
Step S2: the client sends a login request, and the server allocates a Token to be authenticated from the Token database to the client;
Step S3: selectively mark the allocated Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated;
Step S4: obtain the Token to be authenticated that matches the login request entered at the client;
Step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
2. The JWT-based authentication method of claim 1, characterized in that step S3, selectively marking the allocated Token and generating an invalid Token library from the marked Token, further comprises:
Step S21: selectively mark the allocated Token to be authenticated;
Step S22: generate an invalid Token library from the marked Tokens to be authenticated.
3. The JWT-based authentication method of claim 1, characterized in that the Token includes an Access Token and a Refresh Token, the Access Token being used for logging in and the Refresh Token being used to refresh the Access Token.
4. The JWT-based authentication method of claim 3, characterized in that in the above step S1, the Access Token is output based on JWT technology in combination with the user information and the validity period of the Access Token.
5. The JWT-based authentication method of claim 3, characterized in that in the above step S1, the Refresh Token is output based on JWT technology in combination with the validity period of the Refresh Token.
6. The JWT-based authentication method of claim 3, characterized in that before step S5, in which the Token to be authenticated is matched against the Tokens in the invalid Token library and authentication fails if the match succeeds and succeeds if it does not, the method further comprises the following steps:
Step S501: verify whether the Access Token to be authenticated is legal; if it is legal, proceed to step S502; if it is illegal, authentication fails; and
Step S502: verify whether the Access Token to be authenticated is within its validity period; if so, proceed to step S5; if not, authentication fails.
7. A computer-readable medium, characterized in that a computer program is stored in the computer-readable medium, wherein the computer program is configured to execute, when run, the authentication method of any one of claims 1-6.
8. An authentication system, characterized in that the authentication system comprises:
A database module, configured to output Tokens based on JWT technology and generate a Token database;
Distribution module is configured as client and sends logging request, and server-side distributes a Token to visitor from Token database
Family end
Fail Token library module, is configured as being the Token of distribution selective label, and is generated according to the Token of label
The one failure library Token;
Read module is configured as obtaining the Token to be certified to match with the logging request of client input;And
Fail authentication module, is configured as matching Token to be certified with the Token in the failure library Token;If matching at
Function, authentification failure authenticate successfully if matching is unsuccessful.
9. authentication system as claimed in claim 8, it is characterised in that: the failure Token library module further comprises:
Marking unit is configured as being the Token of distribution selective label;And
Generation unit is configured as generating a failure library Token according to the Token of label.
10. authentication system as claimed in claim 8, it is characterised in that: the authentication system further comprises:
Legal authentication module is configured to verify that whether the Access Token of acquisition is legal, if legal, then enters expired verifying
Module, if it is illegal, then authentification failure;And
Expired authentication module is configured to verify that the Token of acquisition whether within effective time, if so, entering failure verifying
Module, if it is not, then authentification failure.
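The check order recited in claims 1 and 6 (legality, validity period, then the failure Token library) can be sketched as follows. This is an added example and not part of the patent text; the HS256 signature scheme, the key, the `sub`/`exp` field names, the function names and the sample tokens are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: HS256 with a server-side key
failure_library = set()            # marked Access Tokens (step S3)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, ttl: int, now: float = None) -> str:
    """Step S1: derive an Access Token from user information and a validity period."""
    now = time.time() if now is None else now
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def mark_failed(token: str) -> None:
    """Step S3: mark a distributed token by adding it to the failure library."""
    failure_library.add(token)

def authenticate(token: str, now: float = None) -> str:
    """Steps S501, S502 and S5 in order; returns 'ok' or the reason for failure."""
    now = time.time() if now is None else now
    try:
        header, payload, signature = token.split(".")
        # S501: legality. The algorithm is fixed server-side, never read from the header.
        if not hmac.compare_digest(signature, sign(header + "." + payload)):
            return "illegal"
        claims = json.loads(unb64(payload))
    except (ValueError, TypeError):
        return "illegal"
    # S502: validity period.
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return "expired"
    # S5: a match in the failure Token library means authentication fails.
    return "failed-token" if token in failure_library else "ok"
```

Because S502 rejects expired tokens before S5 is reached, an entry in the failure library can be discarded once its `exp` has passed, which keeps the library small.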
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910591643.0A CN110351265A (en) | 2019-07-02 | 2019-07-02 | A kind of authentication method based on JWT, computer-readable medium and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910591643.0A CN110351265A (en) | 2019-07-02 | 2019-07-02 | A kind of authentication method based on JWT, computer-readable medium and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110351265A true CN110351265A (en) | 2019-10-18 |
Family
ID=68177561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910591643.0A Pending CN110351265A (en) | 2019-07-02 | 2019-07-02 | A kind of authentication method based on JWT, computer-readable medium and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110351265A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112685709A (en) * | 2021-01-13 | 2021-04-20 | 树根互联技术有限公司 | Authorization token management method and device, storage medium and electronic equipment |
CN112822258A (en) * | 2020-12-31 | 2021-05-18 | 北京神州数字科技有限公司 | Bank open system access method and system |
CN112861092A (en) * | 2021-03-10 | 2021-05-28 | 上海昊沧系统控制技术有限责任公司 | Method and system for realizing single-terminal login limitation based on JWT authentication application |
CN112953951A (en) * | 2021-03-02 | 2021-06-11 | 浪潮云信息技术股份公司 | User login verification and security detection method and system based on domestic CPU |
CN115296877A (en) * | 2022-07-25 | 2022-11-04 | 紫光云技术有限公司 | Method for invalidation and renewal of JWT storage token |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103593387A (en) * | 2012-08-17 | 2014-02-19 | 国际商业机器公司 | Method and system for efficiently storing and retrieving data and metadata in phases |
CN104823408A (en) * | 2012-12-06 | 2015-08-05 | 高通股份有限公司 | Management of network devices utilizing authorization token |
US20160119319A1 (en) * | 2014-10-23 | 2016-04-28 | Alibaba Group Holding Limited | Method and apparatus for facilitating the login of an account |
CN108334790A (en) * | 2017-01-20 | 2018-07-27 | 苹果公司 | Manage the access to media account |
CN109743331A (en) * | 2019-01-29 | 2019-05-10 | 杭州电子科技大学 | One kind being based on matched access control method |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112822258A (en) * | 2020-12-31 | 2021-05-18 | 北京神州数字科技有限公司 | Bank open system access method and system |
CN112822258B (en) * | 2020-12-31 | 2023-04-07 | 北京神州数字科技有限公司 | Bank open system access method and system |
CN112685709A (en) * | 2021-01-13 | 2021-04-20 | 树根互联技术有限公司 | Authorization token management method and device, storage medium and electronic equipment |
CN112685709B (en) * | 2021-01-13 | 2024-02-23 | 树根互联股份有限公司 | Authorization token management method and device, storage medium and electronic equipment |
CN112953951A (en) * | 2021-03-02 | 2021-06-11 | 浪潮云信息技术股份公司 | User login verification and security detection method and system based on domestic CPU |
CN112953951B (en) * | 2021-03-02 | 2022-04-12 | 浪潮云信息技术股份公司 | User login verification and security detection method and system based on domestic CPU |
CN112861092A (en) * | 2021-03-10 | 2021-05-28 | 上海昊沧系统控制技术有限责任公司 | Method and system for realizing single-terminal login limitation based on JWT authentication application |
CN115296877A (en) * | 2022-07-25 | 2022-11-04 | 紫光云技术有限公司 | Method for invalidation and renewal of JWT storage token |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191018 |