Token Based Authentication
Introduction
Token based authentication is prominent everywhere on the web nowadays. With nearly every web company exposing an API, tokens are the best way to handle authentication for many users at once.
There are some very important factors to weigh when choosing token based authentication for your application. The main reasons to use tokens are:
Stateless and scalable servers
Mobile application ready
Pass authentication to other applications
Extra security
Who Uses Token Based Authentication?
Any major API or web application that you've come across has most likely used tokens. Applications like Facebook, Twitter, Google+, GitHub, and many more use tokens.
Let's take a look at exactly how it works.
Why Tokens Came Around
Before we can see how token based authentication works and what its benefits are, we have to look at the way authentication has been done in the past.
Server Based Authentication (The Traditional Method)
Since the HTTP protocol is stateless, if we authenticate a user with a username and password, then on the next request our application won't know who we are. We would have to authenticate again.
The traditional way of having our applications remember who we are is to store the logged-in user's information on the server. This session state can be kept in a few different ways, usually in memory or on disk, and the client presents a session identifier (normally in a cookie) on every following request so the server can look it up.
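The session flow just described, as an added example that is not part of the original article: a minimal server-side session store in Python. The user table, the password, the session lifetime and the second `Server` instance are all constructed for the illustration. It shows the two points the text makes: the next request is anonymous until its cookie is looked up in the server's store, and because that store lives in one server's memory, a second instance (as you would have behind a load balancer) does not recognise the session.

```python
"""Minimal server-side session authentication (the 'traditional' model).

Constructed example: a 'server' is a plain Python object holding an in-memory
session store, and a 'request' is a dict whose 'cookie' key carries the
session identifier. Users, passwords and session lifetime are made up.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

SESSION_TTL = 30 * 60  # seconds a session stays valid (constructed value)
_SALT = b"constructed-fixed-salt"  # real code uses a random salt per user


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the user table never stores a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user database: username -> salted password hash.
USERS = {"alice": _hash_password("correct horse battery staple", _SALT)}


@dataclass
class Server:
    """One application instance. Its session store exists only in its memory."""
    sessions: dict = field(default_factory=dict)

    def login(self, username: str, password: str):
        """Check credentials; on success create a session and return its id (the cookie value)."""
        stored = USERS.get(username)
        candidate = _hash_password(password, _SALT)
        # Hash and compare in constant time even for unknown users, so the
        # response time does not reveal whether the username exists.
        if stored is None or not hmac.compare_digest(stored, candidate):
            return None
        session_id = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self.sessions[session_id] = {
            "user": username,
            "expires": time.time() + SESSION_TTL,
        }
        return session_id

    def whoami(self, request: dict):
        """Handle a later request.

        HTTP carries no memory of the earlier login; the only link between
        this request and the user is the cookie, which must be found in
        *this* server's session store.
        """
        session_id = request.get("cookie")
        session = self.sessions.get(session_id)
        if session is None:
            return None
        if session["expires"] < time.time():
            del self.sessions[session_id]  # expired: forget it server-side
            return None
        return session["user"]

    def logout(self, session_id: str) -> None:
        """Logging out is destroying the server-side state; the cookie becomes useless."""
        self.sessions.pop(session_id, None)


def demo() -> dict:
    """Run the flow against two independent instances and report what each sees."""
    server_a = Server()
    server_b = Server()  # second instance with its own (empty) store

    results = {"no_cookie": server_a.whoami({})}  # anonymous before login
    sid = server_a.login("alice", "correct horse battery staple")
    results["bad_password"] = server_a.login("alice", "wrong")
    results["server_a"] = server_a.whoami({"cookie": sid})   # found in A's store
    results["server_b"] = server_b.whoami({"cookie": sid})   # B never saw the login
    results["forged"] = server_a.whoami({"cookie": "A" * 43})  # made-up id
    server_a.logout(sid)
    results["after_logout"] = server_a.whoami({"cookie": sid})
    return results


if __name__ == "__main__":
    for step, who in demo().items():
        print(f"{step}: {who}")
```

The `server_b` result is the scaling problem in miniature: to let any instance answer, the session store has to be moved to shared storage (a database or cache) that every request path can reach, which is exactly the per-request state that token based authentication sets out to remove.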
Here is a graph of how a server based authentication workflow would look: