本文介绍了OAuth 还是 JWT?使用哪一种,为什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我开始学习基于令牌的身份验证,我正在尝试学习如何在 Laravel 5 中实现它.我遇到了两种非常流行的技术,但我很困惑,因为我对这两种技术都不熟悉.

I am starting to learn about token based authentication and I am trying to learn how to implement it in Laravel 5. I have come across two very popular technologies for doing this but I am confused since I am new to both these technologies.

Medium 上的这篇文章 说我应该去lucadegasperi/oauth2-server-laravel 我确信它是社区中非常受欢迎的软件包从 Github 上的星星数量和引导我找到它的引用数量来看.这个应该可以帮助我实现 OAuth.

This article at Medium says I should go with lucadegasperi/oauth2-server-laravel which I am sure is a very popular package in the community judging by the number of stars on Github and the number of references that have led me to it. This one is supposed to help me with OAuth implementation.

Scotch.io 上的另一篇文章 鼓励我使用 tymondesigns/jwt-auth 从数量来看,它也很受欢迎Github 上的星星.

This other article at Scotch.io encourages me to use tymondesigns/jwt-auth which is also very popular again judging by the number of stars on Github.

在这一点上我犹豫不决,主要是因为我是一个新手开发人员,我没有与他们中的任何一个合作过.

At this point I am indecisive of which one to use mostly because I am a novice developer and I haven't worked with either of them.

谁能向我指出它们各自的优缺点以及我应该实施哪一个?我的项目类型是否也会决定我应该使用哪种类型?以及如何?

Could anyone point out to me what are the pros and cons to each one of them and which one I should implement? Will my project type also dictate what kind I should use? And how?

此外,如果您认为我应该选择一个而不是另一个,您能否也指出可以帮助我开始使用它们的好资源.当然,除了我自己提供的两个链接.

Moreover if you are making an argument that I should choose one over the other, could you also point out good resources that would help me start with them. Other than the two links I provided myself of course.

推荐答案

JWT是一个简单的认证协议,Oauth是一个认证框架.

JWT is a simple authentication protocol, Oauth is an authentication framework.

经验丰富的开发人员需要大约一个月的时间才能完全理解和实施 Oauth.有经验的开发人员可以在阅读规范的大约一天内掌握 JWT 协议.所以基本上,它归结为您的特定用例.

An experienced developer will take about a month to fully understand and implement Oauth. An experienced developer can pick up the JWT protocol in about a day of reading the specifications. So basically, it boils down to your specific use-case.

如果您想对 api 进行简单的无状态 http 身份验证,那么 JWT 就很好,而且实施起来相对较快,即使对于新手开发人员也是如此.

If you want simple stateless http authentication to an api, then JWT is just fine and relatively quick to implement, even for a novice developer.

为您提供一些 JWT 资源:

A few JWT resources for you:

还有一个 Oauth 资源:

And an Oauth resource:

这篇关于OAuth 还是 JWT?使用哪一种,为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-21 15:49