This article covers using JWT authentication in Play Framework 2.6; it may be a useful reference for anyone working through the same problem.



I'm having issues with using JWT Authentication using guides for older versions, but I'd like to focus on the new Play 2.6.


According to the official documentation, JWT is now used under the hood.


It seems like there would be an easier way instead of creating an ActionBuilder and a bunch of other classes or importing third-party libraries but I can't figure out what I would need to do.


Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.


JWT is baked into the session cookie. You don't need to do anything at all for that. There is no user visible JWT header in Play, but you can use the JJWT library https://github.com/jwtk/jjwt which Play uses under the hood to create your own JWT and use that.

There is an example project at https://github.com/franzgranlund/play-java-jwt which uses a slightly different JWT library for headers, but gives the idea.

The main thing to do is verify that the JWT you get back is using the same algorithm you sent out, i.e. no-one has sent you an alg=NONE or something silly, and ensure you're using a decent algorithm, i.e. HMAC-SHA256 with AES-GCM.

If you're interested in using encryption/signing generally, there's an example in https://github.com/playframework/play-scala-secure-session-example/ which should help.
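
The algorithm check described in the answer above, as an added example that is not part of the original answer or of Play's own code. It assumes the JJWT 0.9.x API (later releases changed the builder and parser methods); the class name `PinnedJwt` and the demo secret are hypothetical.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;

public class PinnedJwt {
    // The only algorithm this service issues; tokens naming any other are rejected.
    private static final SignatureAlgorithm EXPECTED = SignatureAlgorithm.HS256;
    private final byte[] secret;

    public PinnedJwt(byte[] secret) { this.secret = secret; }

    public String issue(String subject, long ttlMillis) {
        return Jwts.builder()
                .setSubject(subject)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(EXPECTED, secret)
                .compact();
    }

    // Returns the claims, or throws JwtException (unsigned, tampered, expired, wrong alg).
    public Claims verify(String token) {
        // parseClaimsJws accepts signed tokens only: an unsigned (alg=none) token
        // raises UnsupportedJwtException instead of being returned as valid.
        Jws<Claims> jws = Jwts.parser().setSigningKey(secret).parseClaimsJws(token);
        String alg = jws.getHeader().getAlgorithm();
        if (!EXPECTED.getValue().equals(alg)) {
            throw new JwtException("unexpected alg: " + alg);
        }
        return jws.getBody();
    }

    public static void main(String[] args) {
        // Constructed demo secret; load a real one from configuration.
        PinnedJwt jwt = new PinnedJwt("constructed-demo-secret-0123456789".getBytes(StandardCharsets.UTF_8));
        System.out.println("valid sub = " + jwt.verify(jwt.issue("alice", 60_000)).getSubject());
        // Constructed unsigned token: header {"alg":"none"}, empty signature segment.
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String unsigned = b64.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString("{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8)) + ".";
        try {
            jwt.verify(unsigned);
        } catch (JwtException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The explicit comparison after parsing also rejects a token signed with the same secret under a different HMAC variant such as HS512, which the parser alone would accept.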
