JSON Web Token (JWT) as an email activation URL


Solution

The FAQ you link to says:

Use-cases for a JWT token in a url are:

  • account verification – when you email a person a link after they register on your site.
  • password re-set – ensures that the person re-setting the password has access to the email belonging to the account.

Both of these are good candidates for single-use tokens (which expire after they have been clicked).

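So, yes. Just make sure each email can only be used to activate once (and don't use the terrible "secret" key from the example; if the signature can be forged, your verification can be bypassed).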
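The two conditions in the answer above (single use, and a signing key that cannot be guessed), shown as an added example that is not part of the original answer. It uses only Node's built-in `crypto`; the function names, the `purpose` claim and the in-memory `usedJti` set (standing in for a database table) are assumptions made for illustration.

```javascript
// Added example: single-use HS256 activation token built on Node's crypto module.
const { createHmac, randomBytes, randomUUID, timingSafeEqual } = require("node:crypto");

// Assumption: in production the key comes from a secret store, not a per-process value.
const KEY = randomBytes(32); // 256 random bits, not a guessable string like "secret"
const usedJti = new Set();   // Assumption: stands in for a table of consumed token ids

const b64u = (v) => Buffer.from(v).toString("base64url");
const mac = (key, data) => createHmac("sha256", key).update(data).digest();

function issueActivationToken(userId, ttlSeconds, key = KEY, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const claims = { sub: userId, purpose: "activate", jti: randomUUID(), exp };
  const payload = b64u(JSON.stringify(claims));
  return `${header}.${payload}.${b64u(mac(key, `${header}.${payload}`))}`;
}

function redeemActivationToken(token, key = KEY, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  // Verify the signature before trusting any field inside the token.
  const expected = mac(key, `${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let h, claims;
  try {
    h = JSON.parse(Buffer.from(header, "base64url").toString());
    claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm: the token must not choose how it is verified.
  if (h.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  if (claims.purpose !== "activate") return { ok: false, reason: "wrong purpose" };
  if (typeof claims.exp !== "number" || now / 1000 >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  if (usedJti.has(claims.jti)) return { ok: false, reason: "already used" };
  usedJti.add(claims.jti); // consume the token so a second click is rejected
  return { ok: true, userId: claims.sub };
}
```

With a real database, the "already used" check and the insert of the `jti` need to be one atomic operation (for example a unique-constraint insert), otherwise two simultaneous clicks can both pass.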
