http-token-authentication

问题 I've been coding a RESTful service in Java. This is what I've understood till now (correct me if i'm wrong): Token authorization is done using JSON Web Tokens (JWT) which have three parts: the header, the payload, and the secret (shared between the client and the server). I understood this concept and stumbled over JSON Web Signature (JWS) while reading about JWT. JWS also is an encoded entity similar to JWT having a header, payload, and a shared secret. Question: What is the difference

问题 I am referencing another SO post that discusses using refresh tokens with JWT. JWT (JSON Web Token) automatic prolongation of expiration I have an application with a very common architecture where my clients (web and mobile) talk to a REST API which then talks to a service layer and data layer. I understand JWT token authentication, but I am a little confused at how I should use refresh tokens. I want my JWT authentication to have the following properties: JWT Token has an expiration of 2

问题 I want to establish Web API Token Authentication with Angular JS as client. I am very new to this concept of Token Authentication inside Web API. I do not want to use ASP.NET Identity default tables to add or authenticate user. I have my own database and a table called "EmployeeAccess" table which contains EmployeeNumber as User Id and Password. I want to authenticate the users against the values in this table and then want to grant token so that they gets authorized for subsequent call. I

问题 I'm trying to use the TokenAuthentication with one of my views. As documented in https://www.django-rest-framework.org/api-guide/authentication/, I add the token I received from the login as an HTTP header called: 'Authorization' in the request I send. The problem is that in my unittests the authentication fails. Looking into the TokenAuthentication class I see that the header being checked is 'HTTP_AUTHORIZATION' and not 'Authorization' The view I'm using: class DeviceCreate(generics

问题 Which are the steps must I follow to implement a token authentication in my web page? Any summary or links will be appreciated. I want to implement similar to Facebook or Google, first time client loggin and receive token and then use it in next actions. I read also about OAuth but I don't want to give access to my application from 3rd party. Thanks for the long response and it seems clear to me I need to read more about this. What I want is to know the "steps" to implement a basic web

问题 I'm trying to allow users to login to my Flask app using their accounts from a separate web service. I can contact the api of this web service and receive a security token. How do I use this token to authenticate users so that they have access to restricted views? I don't need to save users into my own database. I only want to authenticate them for a session. I believe this can be done using Flask-Security and the @auth_token_required decorator but the documentation is not very detailed and I

问题 I am using devise-token-auth gem on Rails 4.2, and I've added a field nickname to the User model. I am trying to implement this via an override of the gem controller class Users::RegistrationsController < DeviseTokenAuth::RegistrationsController before_filter :configure_permitted_parameters def update #this line never shows in the logs Rails.logger.info "I never get to run!!" super end protected # my new custom field is :nickname def configure_permitted_parameters devise_parameter_sanitizer

问题 I am working on a MultiTennat SaaS applicaiton in .Net Core + Kestral + Reverse Proxy with Apache on Linux. My application will start on multiple ports: http://localhost:50001 http://localhost:50002 ... http://localhost:5000(n) Each port, as shown above, will be linked to a fully qualified domain name which will be accessed by different customer. http://localhost:50001 <--> www.customer1.com http://localhost:50002 <--> www.customer2.com ... http://localhost:5000(n) <--> www.customer(n).com

问题 I am trying to make a GET request to a local server I have running. I am having trouble returning the correct data, I am seeing an 'Unauthorized' response. Can anyone spot any glaring issues with this given that the String 'token' is correct. protected Object doInBackground(Void... params) { try { String url = "http://192.168.0.59:8000/events/"; URL object = new URL(url); HttpURLConnection con = (HttpURLConnection) object.openConnection(); con.setDoOutput(true); con.setDoInput(true); con

问题 I have an authentication system via tokens. The user logs in with email and password and the token is returned and saved in a cookie. Now if the user closes the browser or tab and returns to the site, then the user is authenticated with the token in the cookie, however, that can take a quite a few milliseconds and if they return to a secure site such as their user profile, and the app is not fast enough to load the initial user data and marks them as logged in, then they are redirected to the