JWT Token Structure

A JWT token contains a Header, a Payload, and a Signature.

image.png

Header
Header contains the algorithms like RSA or HMACSHA256 and the information of the type of Token.

image.png

Payload
Payload contains the information of rows, i.e., user credentials.

image.png

How Does JWT Work?

Step 1

Client logs in with his/her credentials.

image.png

Step 2

Server generates a Jwt token at server side.

image.png

Step 3

After token generation, the server returns a token in response.

image.png

Step 4

Now, the client sends a copy of the token to validate the token.

image.png

Step 5

The server checks JWT token to see if it's valid or not.

image.png

Step 6

After the token is validated, the server sends a status message to the client.

image.png

[图片上传中...(image.png-4ee818-1642837712343-0)]

image.png

授权流程：
1、用户请求登录，携带用户名密码到授权中心
2、授权中心携带用户名密码，到用户中心查询用户
3、查询如果正确，生成JWT凭证
4、返回JWT给用户
鉴权流程：
1、用户请求某微服务功能，携带JWT
2、微服务将jwt交给授权中心校验
3、授权中心返回校验结果到微服务
4、微服务判断校验结果，成功或失败
5、失败则直接返回401
6、成功则处理业务并返回