API Authentication and Authorization: What You Need to Know / John Liu @ TW (劉奕為)
Welcome to the Modern Web 2020 shared notes
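Shared notes entry point: https://hackmd.io/@ModernWeb/2020
On mobile, tap the button above to expand the agenda list.
Slides download
CTO and odd-job man. Every Tuesday evening there is a regular meetup at a board game shop to discuss web technology; if there is nothing to discuss, we play board games.
Feel free to come by after 8:00~ by JohnLiu
About authentication
Authentication vs. authorization
The four factors of authentication
Password-based authentication
2FA (two-factor authentication)
1. First a password (something you know), then login by fingerprint recognition (something you are)
2. First a password (something you know), then login through a specific app (something you have
OTP (one-time password)
About authorization
JWT (JSON Web Token)
JWT structure
JWT payload - registered claims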
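Code examples and summary
JWT: the full picture
About Base64
JWT security issues
Recommended reading: "Is JWT safe for API authentication?" | by Chestermo | Medium
Common API encryption example - signature after encryption
The user's identity is verified with an HMAC signature. When requesting the API service, the user runs an HMAC-SHA1 operation over the APP Key and the current time (formatted as GMT time), converts the result to Base64, and places it in the signature attribute field. The server then verifies the header fields of the user's request.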
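The signing scheme described above, sketched as an added example that is not code from the talk or from these notes. Assumptions: the APP Key is used as the HMAC key, the GMT timestamp string is the signed message, the header name `x-date` is hypothetical, and the five-minute freshness window is chosen here for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW = timedelta(minutes=5)  # assumed freshness window, not from the talk


def _mac_b64(app_key: bytes, x_date: str) -> bytes:
    """Base64(HMAC-SHA1(key=APP Key, msg=GMT timestamp string))."""
    digest = hmac.new(app_key, x_date.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest)


def sign(app_key: bytes, when: datetime) -> dict:
    """Client side: build the headers sent with one API request."""
    x_date = format_datetime(when.astimezone(timezone.utc), usegmt=True)
    return {"x-date": x_date, "signature": _mac_b64(app_key, x_date).decode("ascii")}


def verify(app_key: bytes, headers: dict, now: datetime) -> bool:
    """Server side: check timestamp freshness, then recompute the MAC."""
    x_date = headers.get("x-date", "")
    sent_sig = headers.get("signature", "")
    try:
        stamp = parsedate_to_datetime(x_date)
    except (TypeError, ValueError):
        return False  # missing or malformed timestamp
    if stamp.tzinfo is None:
        return False  # refuse timestamps without an explicit zone
    if abs(now - stamp) > MAX_SKEW:
        return False  # stale or future-dated request
    # Constant-time comparison so the check does not leak how many
    # leading characters of the signature matched.
    return hmac.compare_digest(_mac_b64(app_key, x_date), sent_sig.encode("utf-8"))


if __name__ == "__main__":
    key = b"constructed-app-key"  # constructed sample value
    t0 = datetime(2020, 10, 13, 8, 0, tzinfo=timezone.utc)
    hdrs = sign(key, t0)
    print(hdrs)
    print(verify(key, hdrs, t0 + timedelta(minutes=2)))
    print(verify(key, hdrs, t0 + timedelta(minutes=6)))
```

Because the MAC covers only the timestamp, a captured header pair validates for any request inside the freshness window; including the method, path and body in the signed string, or rejecting timestamps already seen, closes that gap.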
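Common API encryption example - AES + IV
The transaction data is encrypted with a dedicated HashKey and a dedicated HashIV to produce AES 256 encrypted transaction data.
Summary
tags:
MW20
Frameworks and Design
API Authorization and Authentication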