CN110351265A - A JWT-based authentication method, computer-readable medium and system - Google Patents

Publication number
CN110351265A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910591643.0A
Other languages
Chinese (zh)
Inventor
张发恩
臧之雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Innovation Qizhi (chongqing) Technology Co Ltd
Original Assignee
Innovation Qizhi (chongqing) Technology Co Ltd
Application filed by Innovation Qizhi (chongqing) Technology Co Ltd
Priority to CN201910591643.0A
Publication of CN110351265A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The present invention relates to a JWT-based authentication method comprising the following steps. Step S1: output Tokens based on JWT technology and generate a Token database. Step S2: the client sends a login request, and the server distributes a Token to be authenticated from the Token database to the client. Step S3: selectively mark the distributed Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated. Step S4: obtain the Token to be authenticated that matches the login request entered at the client. Step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds. By adding verification against invalidated Tokens, the user can mark a distributed Token to be authenticated according to their own circumstances, and the invalid Token library is then generated from the marked Tokens, which increases the security of the user's authentication. The present invention also provides a computer-readable medium. The present invention also provides an authentication system.

Description

A JWT-based authentication method, computer-readable medium and system
[technical field]
The present invention relates to the field of identity authentication, and in particular to a JWT-based authentication method, computer-readable medium and system.
[background technique]
There are two main existing approaches to authentication and authorization. The first requires the server to keep Session information (a server-side mechanism). This approach does the most to prevent unauthorized access caused by a client forging authentication information, and it also allows flexible control over the expiry and invalidation of a user's authentication. However, Sessions stored on the server must be quickly readable, and the number of Sessions grows linearly with the number of active users. When a large number of users arrive in a burst, storing and processing Sessions consumes substantial resources, and if capacity is insufficient or is not expanded in time, problems such as slow processing or a system crash are likely.
The other approach uses JWT (JSON Web Token, a token that asserts an identity on a network) technology: information such as the user's unique identifier and permissions is formed into a Token that is stored on the client. This removes the dependence of Session resource requirements on the number of active users and avoids the drawback of the Session scheme under high concurrency; because the server does not need to store Sessions, unlimited horizontal scaling is theoretically possible. However, with JWT technology an Access Token cannot be modified once it has been issued. During that period, any other user who holds the user's Access Token can use it to access the server, until the Access Token passes its validity period and a new Access Token is refreshed through the Refresh Token; only then can other users no longer use the Access Token to access the server. There is therefore a security risk until the Access Token expires.
[summary of the invention]
To overcome the problems of the prior art, the present invention provides a JWT-based authentication method, computer-readable medium and system.
The technical solution of the present invention is a JWT-based authentication method comprising the following steps: step S1: output Tokens based on JWT technology and generate a Token database; step S2: the client sends a login request, and the server distributes a Token to be authenticated from the Token database to the client; step S3: selectively mark the distributed Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated; step S4: obtain the Token to be authenticated that matches the login request entered at the client; step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
Preferably, step S3, selectively marking the distributed Token and generating an invalid Token library from the marked Token, further comprises: step S21: selectively mark the distributed Token to be authenticated; step S22: generate an invalid Token library from the marked Tokens to be authenticated.
Preferably, the Token comprises an Access Token and a Refresh Token; the Access Token is used for logging in, and the Refresh Token is used for refreshing the Access Token.
Preferably, in step S1 above, the Access Token is output based on JWT technology, combining the user information and the validity period of the Access Token.
Preferably, in step S1 above, the Refresh Token is output based on JWT technology, combining the validity period of the Refresh Token.
Preferably, before step S5 (matching the Token to be authenticated against the Tokens in the invalid Token library, with authentication failing if the match succeeds and succeeding if it does not), the method further comprises the following steps: step S501: verify whether the Access Token to be authenticated is legitimate; if it is, proceed to step S502; if it is not, authentication fails; and step S502: verify whether the Access Token to be authenticated is within its validity period; if so, proceed to step S5; if not, authentication fails.
The present invention also provides a computer-readable medium, characterized in that a computer program is stored in the computer-readable medium, wherein the computer program is configured to execute the above authentication method when run.
The present invention also provides an authentication system comprising: a database module, configured to output Tokens based on JWT technology and generate a Token database; a distribution module, configured so that when the client sends a login request the server distributes a Token from the Token database to the client; an invalid Token library module, configured to selectively mark the distributed Token and generate an invalid Token library from the marked Tokens; a reading module, configured to obtain the Token to be authenticated that matches the login request entered at the client; and an invalidation verification module, configured to match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
Preferably, the invalid Token library module further comprises: a marking unit, configured to selectively mark the distributed Token; and a generation unit, configured to generate an invalid Token library from the marked Tokens.
Preferably, the authentication system further comprises: a legitimacy verification module, configured to verify whether the obtained Access Token is legitimate; if it is, control passes to the expiry verification module; if it is not, authentication fails; and an expiry verification module, configured to verify whether the obtained Token is within its validity period; if so, control passes to the invalidation verification module; if not, authentication fails.
Compared with the prior art, the authentication method, computer-readable medium and authentication system of the present invention have the following advantages:
1. Verification against invalidated Tokens is added to existing JWT technology, so that the user can mark a distributed Token to be authenticated according to their own circumstances, and the invalid Token library is then generated from the marked Tokens, which increases the security of the user's authentication. At the same time, matching the Token to be authenticated against the Tokens in the invalid Token library reduces the resources the server uses for matching.
2. To verify whether a Token has been invalidated, the Access Token to be authenticated that the user entered only needs to be compared with the Tokens in the invalid Token library; it does not need to be matched against the entire Token database, which reduces the resources the server uses for matching.
3. The authentication method is stored as a computer program, so that the computer-readable medium can run the computer program to carry out identity authentication.
4. The authentication system is provided with a database module, a distribution module, an invalid Token library module, a reading module and an invalidation verification module, so that the authentication system is able to perform identity authentication.
[Description of the drawings]
Fig. 1 is a flow diagram of the JWT-based authentication method of the first embodiment of the invention.
Fig. 2 is a flow diagram of step S2 in the JWT-based authentication method of the first embodiment of the invention.
Fig. 3 is a schematic diagram of the verification flow of the JWT-based authentication method of the first embodiment of the invention.
Fig. 4 is a schematic diagram of the first group of modules of the authentication system of the third embodiment of the invention.
Fig. 5 is a module diagram of the invalid Token library module in the authentication system of the third embodiment of the invention.
Fig. 6 is a schematic diagram of the second group of modules of the authentication system of the third embodiment of the invention.
Reference numerals: 1, authentication system; 11, database module; 12, distribution module; 13, invalid Token library module; 14, reading module; 15, invalidation verification module; 131, marking unit; 132, generation unit; 16, legitimacy verification module; 17, expiry verification module.
[specific embodiment]
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
Referring to Fig. 1, the first embodiment of the invention provides a JWT-based authentication method comprising the following steps:
Step S1: output Tokens based on JWT technology and generate a Token database;
Step S2: the client sends a login request, and the server distributes a Token to be authenticated from the Token database to the client;
Step S3: selectively mark the distributed Token to be authenticated, and generate an invalid Token library from the marked Tokens to be authenticated;
Step S4: obtain the Token to be authenticated that matches the login request entered at the client;
Step S5: match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
First, Tokens are output based on JWT technology and all output Tokens are stored, generating a Token database. When the client sends a login request to the server, the server distributes a Token to be authenticated from the Token database to the client;
Next, the user selectively marks the distributed Token to be authenticated according to the actual situation, and an invalid Token library is then generated on the server from the marked Tokens to be authenticated;
After the server obtains the Token to be authenticated that matches the login request entered at the client, it matches that Token against the Tokens in the invalid Token library. If the match succeeds, the Token to be authenticated is already in the invalid Token library, that is, it has been invalidated, so authentication fails and the user's login authentication is judged to have failed. If the match fails, the Token to be authenticated is not in the invalid Token library, so authentication succeeds and the user's login authentication is judged to have succeeded.
Further, the Token comprises an Access Token and a Refresh Token; the Access Token is used for login authentication, and the Refresh Token is used for refreshing the Access Token. The Access Token and the Refresh Token output based on JWT technology each have a validity period, for example one hour, one day or one week.
The Access Token is output based on JWT technology, combining the user information and the validity period of the Access Token, and the Refresh Token is output based on JWT technology, combining the validity period of the Refresh Token. The Access Token and Refresh Token can therefore be used only for a limited time: the Access Token to be authenticated that is distributed to the client can be used only within its validity period. Once that period has passed, the Access Token to be authenticated has expired, authentication with it fails, and the Refresh Token refreshes a new Access Token;
At this point, when the client sends a login request again, the server distributes a new Access Token to be authenticated from the Token database to the client, and the client can then use the new Access Token to be authenticated for login authentication.
It can be understood that the Access Token to be authenticated is a key made up of a string of random-looking characters, and the user information includes the user's user name, user permissions and so on. In existing JWT authentication, once the server has distributed an Access Token to be authenticated from the Token database, that Access Token cannot be modified; it becomes unusable only after it passes its validity period and the Refresh Token refreshes the distributed Access Token. In view of this, the JWT-based authentication method of the present invention improves on existing JWT authentication: when an Access Token to be authenticated has been granted to another person within its validity period and the user later does not want the grantee to log in, the user marks the Access Token that was granted, which invalidates it and blocks the grantee from logging in with it, increasing the security of authentication.
Referring to Fig. 2, step S3, selectively marking the distributed Token and generating an invalid Token library from the marked Token, further comprises:
Step S21: selectively mark the distributed Token to be authenticated;
Step S22: generate an invalid Token library from the marked Tokens.
First, the distributed Token is selectively marked, that is, the distributed Access Token to be authenticated is selectively marked so that the marked Access Token enters the invalidated state. Then an invalid Token library is generated from the marked Access Tokens to be authenticated, that is, all marked Access Tokens to be authenticated are stored to form an invalid Token library. When invalidation verification is performed on the Access Token to be authenticated that the client entered, it only needs to be matched against the Access Tokens in the invalid Token library to determine whether it has been invalidated; it does not need to be matched against the Access Tokens in the entire Token database, which reduces the resources the server uses for matching;
The authentication result, that is, authentication success or authentication failure, is then obtained from the result of matching the Access Token to be authenticated against the Access Tokens in the invalid Token library.
Referring to Fig. 3, before step S5 (matching the Token to be authenticated against the Tokens in the invalid Token library, with authentication failing if the match succeeds and succeeding if it does not), the method further comprises the following steps:
Step S501: verify whether the Access Token to be authenticated is legitimate; if it is, proceed to step S502; if it is not, authentication fails;
Step S502: verify whether the Access Token to be authenticated is within its validity period; if so, proceed to step S5; if not, authentication fails.
First, whether the Access Token to be authenticated is legitimate is verified, that is, the Access Token to be authenticated is matched against the Access Tokens in the Token database. If the match succeeds, the Access Token to be authenticated is judged legitimate; otherwise it is judged not legitimate.
When the Access Token to be authenticated is verified as legitimate, expiry verification is then performed on it; when it is verified as not legitimate, the authentication result is obtained, namely authentication failure.
Then, whether the Access Token to be authenticated is within its validity period, that is, whether it has expired, is verified. If the Access Token to be authenticated is within its validity period, that is, it has not expired, invalidation verification is performed by matching it against the Tokens in the invalid Token library. If it is not within its validity period, that is, it has expired, the authentication result is obtained, namely authentication failure.
It can be understood that legitimacy verification checks whether the Access Token to be authenticated is consistent with a Token held by the server: if it is consistent, the Access Token to be authenticated is legitimate; if it is not, it is not legitimate. Whether the Access Token to be authenticated has expired means whether it is within its validity period.
In some application scenarios, user A uses a client to send a request to log in to the server, and the server distributes an Access Token to be authenticated from the Token database to user A's client;
At this point user B, because of work or operational needs, asks to log in to the server using user A's user information, so user A grants user B the Access Token to be authenticated that the server distributed;
After user A has granted the Access Token to be authenticated to user B, and while user B has not yet logged in with it, user A, out of privacy and security considerations, no longer wants user B to log in with user A's user information and Access Token to be authenticated. User A therefore marks, through the server, the Access Token to be authenticated that was granted to user B, so that it enters the invalid Token library;
Finally, when user B logs in using user A's user information and Access Token to be authenticated, the server determines that the Access Token to be authenticated that user B entered has been invalidated, that is, user B's authentication fails.
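The flow of steps S1 to S5 with the pre-checks S501 and S502, replayed on the scenario above in which one user passes an Access Token to another, as an added example that is not part of the patent text. It assumes HS256 signing with a constructed key and hypothetical names (`AuthServer`, `mark_invalid`, `prune`), and goes beyond the description in three labelled ways: S501 also verifies the signature, the invalid Token library stores SHA-256 digests with expiry times instead of raw tokens, and expired entries are pruned.

```python
import base64
import hashlib
import hmac
import itertools
import json
import time

SECRET = b"constructed-demo-key"  # constructed signing key, for this example only


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class AuthServer:  # hypothetical name, not from the patent
    def __init__(self, clock=time.time):
        self.clock = clock
        self.seq = itertools.count(1)
        self.token_db = set()   # S1: Token database, every issued Access Token
        self.invalid_lib = {}   # S3: invalid Token library, sha256(token) -> exp

    def issue(self, user, perms, ttl):
        """S1/S2: build an HS256 JWT from user info and validity period, store and distribute it."""
        now = int(self.clock())
        claims = {"sub": user, "perms": perms, "jti": next(self.seq), "exp": now + ttl}
        head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps(claims).encode())
        token = f"{head}.{body}.{_sign(head + '.' + body)}"
        self.token_db.add(token)
        return token

    def _claims(self, token):
        """Payload of a well-formed token whose signature verifies, else None.
        The algorithm is fixed server-side; the header's alg field is never consulted."""
        try:
            head, body, sig = token.split(".")
            if not hmac.compare_digest(sig.encode(), _sign(head + "." + body).encode()):
                return None
            return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        except ValueError:
            return None

    def mark_invalid(self, token):
        """S3 (S21/S22): a marked token enters the invalid Token library."""
        claims = self._claims(token)
        if claims is None or token not in self.token_db:
            return False
        self.invalid_lib[_digest(token)] = claims["exp"]
        return True

    def authenticate(self, token):
        """S4, then S501 -> S502 -> S5. Returns (ok, user or failure reason)."""
        claims = self._claims(token)
        if claims is None or token not in self.token_db:   # S501: legitimacy
            return False, "illegitimate"
        if self.clock() >= claims["exp"]:                  # S502: validity period
            return False, "expired"
        if _digest(token) in self.invalid_lib:             # S5: invalid Token library
            return False, "invalidated"
        return True, claims["sub"]

    def prune(self):
        """Drop library entries for tokens that S502 already rejects as expired."""
        now = self.clock()
        stale = [d for d, exp in self.invalid_lib.items() if exp <= now]
        for d in stale:
            del self.invalid_lib[d]
        return len(stale)


def scenario():
    """User A receives a token, gives it to user B, then marks it before B logs in."""
    now = [1_700_000_000]  # constructed clock value
    server = AuthServer(clock=lambda: now[0])
    token_a = server.issue("user_a", ["read"], ttl=3600)
    other = server.issue("user_a", ["read"], ttl=3600)
    before = server.authenticate(token_a)
    server.mark_invalid(token_a)
    after = server.authenticate(token_a)       # user B presents A's token
    head, _, sig = token_a.split(".")
    altered_body = _b64(json.dumps({"sub": "user_b", "exp": now[0] + 10**6}).encode())
    altered = server.authenticate(f"{head}.{altered_body}.{sig}")
    now[0] += 3601
    expired = server.authenticate(other)
    return before, after, altered, expired, server.prune(), len(server.invalid_lib)


if __name__ == "__main__":
    print(scenario())
```

Because S502 runs before S5, an expired token is rejected without consulting the invalid Token library, so the library only has to hold entries for the remaining validity period of each marked token.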
The second embodiment of the invention provides a computer-readable medium in which a computer program is stored, wherein the computer program is configured to execute the above authentication method when run.
According to embodiments of the present disclosure, the process described above with reference to the flow chart may be implemented as a computer software program. For example, embodiments of the disclosure include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network through a communication portion, and/or installed from a removable medium. When the computer program is executed by a central processing unit (CPU), the functions defined in the method of the present application are performed. It should be noted that the computer-readable medium described herein may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
In the present application, a computer-readable storage medium may be any tangible medium that contains or stores a program which can be used by or in connection with an instruction execution system, apparatus or device. Also in the present application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transport a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to: wireless, wire, optical cable, RF and the like, or any suitable combination of the above.
Computer program code for carrying out the operations of the present application may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, it may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computer (for example, through the Internet using an Internet service provider).
Referring to Fig. 4, the third embodiment of the invention provides an authentication system 1 comprising a database module 11, a distribution module 12, an invalid Token library module 13, a reading module 14 and an invalidation verification module 15,
The database module 11 is configured so that the server outputs Tokens based on JWT technology and generates a Token database;
The distribution module 12 is configured so that when the client sends a login request, the server distributes a Token from the Token database to the client;
The invalid Token library module 13 is configured to selectively mark the distributed Token and generate an invalid Token library from the marked Tokens;
The reading module 14 is configured to obtain the Token to be authenticated that matches the login request entered at the client; and
The invalidation verification module 15 is configured to match the Token to be authenticated against the Tokens in the invalid Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
Referring to Fig. 5, the invalid Token library module 13 further comprises a marking unit 131 and a generation unit 132;
The marking unit 131 is configured to selectively mark the distributed Token;
The generation unit 132 is configured to generate an invalid Token library from the marked Tokens.
Referring to Fig. 6, the authentication system further comprises a legitimacy verification module 16 and an expiry verification module 17;
The legitimacy verification module 16 is configured to verify whether the obtained Access Token is legitimate; if it is, control passes to the expiry verification module; if it is not, authentication fails;
The expiry verification module 17 is configured to verify whether the obtained Token is within its validity period; if so, control passes to the invalidation verification module; if not, authentication fails.
Before the invalidation verification module performs invalidation verification on the Token to be authenticated, the legitimacy verification module 16 first verifies whether the Token to be authenticated is legitimate; once that verification is complete, the expiry verification module 17 verifies whether the Token to be authenticated has expired; and once that verification is complete, the invalidation verification module 15 finally verifies whether the Token to be authenticated has been invalidated.
The definitions and related content of the first embodiment apply equally to this embodiment.
Compared with the prior art, the authentication method, computer-readable medium and authentication system of the present invention have the following advantages:
1. Verification against invalidated Tokens is added to existing JWT technology, so that the user can mark a distributed Token to be authenticated according to their own circumstances, and the invalid Token library is then generated from the marked Tokens, which increases the security of the user's authentication. At the same time, matching the Token to be authenticated against the Tokens in the invalid Token library reduces the resources the server uses for matching.
2. To verify whether a Token has been invalidated, the Access Token to be authenticated that the user entered only needs to be compared with the Tokens in the invalid Token library; it does not need to be matched against the entire Token database, which reduces the resources the server uses for matching.
3. The authentication method is stored as a computer program, so that the computer-readable medium can run the computer program to carry out identity authentication.
4. The authentication system is provided with a database module, a distribution module, an invalid Token library module, a reading module and an invalidation verification module, so that the authentication system is able to perform identity authentication.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the principles of the present invention shall fall within its scope of protection.

Claims (10)

1. An authentication method based on JWT, characterized in that the method includes the following steps:
Step S1: derive Tokens based on JWT technology, and generate a Token database;
Step S2: the client sends a login request, and the server distributes a Token to be certified to the client from the Token database;
Step S3: selectively mark the distributed Tokens to be certified, and generate a failure Token library from the marked Tokens to be certified;
Step S4: obtain the Token to be certified that matches the login request input by the client;
Step S5: match the Token to be certified against the Tokens in the failure Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
2. The authentication method based on JWT according to claim 1, characterized in that step S3, selectively marking the distributed Tokens and generating a failure Token library from the marked Tokens, further comprises:
Step S21: selectively mark the distributed Tokens to be certified;
Step S22: generate a failure Token library from the marked Tokens to be certified.
3. The authentication method based on JWT according to claim 1, characterized in that the Token includes an Access Token and a Refresh Token, the Access Token being used for logging in and the Refresh Token being used for refreshing the Access Token.
4. The authentication method based on JWT according to claim 3, characterized in that, in step S1, the Access Token is derived based on JWT technology in combination with the user information and the validity time of the Access Token.
5. The authentication method based on JWT according to claim 3, characterized in that, in step S1, the Refresh Token is derived based on JWT technology in combination with the validity time of the Refresh Token.
6. The authentication method based on JWT according to claim 3, characterized in that, before step S5 (matching the Token to be certified against the Tokens in the failure Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds), the method further comprises the following steps:
Step S501: verify whether the Access Token to be certified is legal; if it is legal, proceed to step S502; if it is not legal, authentication fails; and
Step S502: verify whether the Access Token to be certified is within its validity time; if so, proceed to step S5; if not, authentication fails.
7. A computer-readable medium, characterized in that a computer program is stored in the computer-readable medium, wherein the computer program is configured to perform, when run, the authentication method according to any one of claims 1-6.
8. An authentication system, characterized in that the authentication system includes:
a database module, configured to derive Tokens based on JWT technology and generate a Token database;
a distribution module, configured such that the client sends a login request and the server distributes a Token to the client from the Token database;
a failure Token library module, configured to selectively mark the distributed Tokens and generate a failure Token library from the marked Tokens;
a read module, configured to obtain the Token to be certified that matches the login request input by the client; and
a failure authentication module, configured to match the Token to be certified against the Tokens in the failure Token library; if the match succeeds, authentication fails; if the match does not succeed, authentication succeeds.
9. The authentication system according to claim 8, characterized in that the failure Token library module further comprises:
a marking unit, configured to selectively mark the distributed Tokens; and
a generation unit, configured to generate a failure Token library from the marked Tokens.
10. The authentication system according to claim 8, characterized in that the authentication system further comprises:
a legal authentication module, configured to verify whether the obtained Access Token is legal; if it is legal, the expired authentication module is entered; if it is not legal, authentication fails; and
an expired authentication module, configured to verify whether the obtained Token is within its validity time; if so, the failure authentication module is entered; if not, authentication fails.
CN201910591643.0A 2019-07-02 2019-07-02 A kind of authentication method based on JWT, computer-readable medium and system Pending CN110351265A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910591643.0A CN110351265A (en) 2019-07-02 2019-07-02 A kind of authentication method based on JWT, computer-readable medium and system

Publications (1)

Publication Number Publication Date
CN110351265A (en) 2019-10-18

Family

ID=68177561

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910591643.0A Pending CN110351265A (en) 2019-07-02 2019-07-02 A kind of authentication method based on JWT, computer-readable medium and system

Country Status (1)

Country Link
CN (1) CN110351265A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685709A (en) * 2021-01-13 2021-04-20 树根互联技术有限公司 Authorization token management method and device, storage medium and electronic equipment
CN112822258A (en) * 2020-12-31 2021-05-18 北京神州数字科技有限公司 Bank open system access method and system
CN112861092A (en) * 2021-03-10 2021-05-28 上海昊沧系统控制技术有限责任公司 Method and system for realizing single-terminal login limitation based on JWT authentication application
CN112953951A (en) * 2021-03-02 2021-06-11 浪潮云信息技术股份公司 User login verification and security detection method and system based on domestic CPU
CN115296877A (en) * 2022-07-25 2022-11-04 紫光云技术有限公司 Method for invalidation and renewal of JWT storage token

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103593387A (en) * 2012-08-17 2014-02-19 国际商业机器公司 Method and system for efficiently storing and retrieving data and metadata in phases
CN104823408A (en) * 2012-12-06 2015-08-05 高通股份有限公司 Management of network devices utilizing authorization token
US20160119319A1 (en) * 2014-10-23 2016-04-28 Alibaba Group Holding Limited Method and apparatus for facilitating the login of an account
CN108334790A (en) * 2017-01-20 2018-07-27 苹果公司 Manage the access to media account
CN109743331A (en) * 2019-01-29 2019-05-10 杭州电子科技大学 One kind being based on matched access control method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112822258A (en) * 2020-12-31 2021-05-18 北京神州数字科技有限公司 Bank open system access method and system
CN112822258B (en) * 2020-12-31 2023-04-07 北京神州数字科技有限公司 Bank open system access method and system
CN112685709A (en) * 2021-01-13 2021-04-20 树根互联技术有限公司 Authorization token management method and device, storage medium and electronic equipment
CN112685709B (en) * 2021-01-13 2024-02-23 树根互联股份有限公司 Authorization token management method and device, storage medium and electronic equipment
CN112953951A (en) * 2021-03-02 2021-06-11 浪潮云信息技术股份公司 User login verification and security detection method and system based on domestic CPU
CN112953951B (en) * 2021-03-02 2022-04-12 浪潮云信息技术股份公司 User login verification and security detection method and system based on domestic CPU
CN112861092A (en) * 2021-03-10 2021-05-28 上海昊沧系统控制技术有限责任公司 Method and system for realizing single-terminal login limitation based on JWT authentication application
CN115296877A (en) * 2022-07-25 2022-11-04 紫光云技术有限公司 Method for invalidation and renewal of JWT storage token

Similar Documents

Publication Publication Date Title
CN111756753B (en) Authority verification method and system
CN110351265A (en) A kind of authentication method based on JWT, computer-readable medium and system
CN109309683B (en) Token-based client identity authentication method and system
CN107239688B (en) The purview certification method and system in Docker mirror image warehouse
CN108684041B (en) System and method for login authentication
CN109981561A (en) Monomer architecture system moves to the user authen method of micro services framework
US10530763B2 (en) Late binding authentication
US10362019B2 (en) Managing security credentials
CN106209749A (en) Single-point logging method and the processing method and processing device of device, relevant device and application
US9767262B1 (en) Managing security credentials
CN101262342A (en) Distributed authorization and validation method, device and system
CN105430014B (en) A kind of single-point logging method and its system
CN103139200A (en) Single sign-on method of web service
CN109067785A (en) Cluster authentication method, device
JP6223639B2 (en) Authentication system
CN103746969A (en) Vehicle terminal authentication method and authentication server
CN109286627A (en) Identity identifying method based on double factor authentication
US20210249145A1 (en) Information communication device, authentication program for information communication device, and authentication method
US20190297071A1 (en) Managing security credentials
CN109962892A (en) A kind of authentication method and client, server logging in application
CN107634834A (en) A kind of trusted identity authentication method based on the more scenes in multiple terminals
CN109981680A (en) A kind of access control implementation method, device, computer equipment and storage medium
CN108881280A (en) Cut-in method, content distribution network system and access system
CN107682321B (en) A kind of method and device of SDN controller cluster single-sign-on
CN111010375A (en) Distributed authentication and authorization method for allowing third-party application to access resources

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191018