JWT ile \u00fcretilen token Base64 ile kodlanm\u0131\u015f 3 ana k\u0131s\u0131mdan olu\u015fmaktad\u0131r. Bunlar Header(Ba\u015fl\u0131k), Payload(Veri), Signature(\u0130mza) k\u0131s\u0131mlar\u0131d\u0131r.<\/p>\n\n\n\n
\u00d6rnek JWT token (aaa.bbb.ccc)<\/p>\n\n\n\n
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJ0ZWJyaWtsZXIhIDopIn0.sTLXY5iAs1IzJJ-8GVP_pMR65qqgCUpbMl-aSPcrQHc<\/code><\/pre>\n\n\n\nHeader(Ba\u015fl\u0131k)<\/strong>
Bu k\u0131s\u0131m JSOn format\u0131nda yaz\u0131lmakta ve 2 alandan olu\u015fmaktad\u0131r. Bunlar token tipi ve kullan\u0131lacak algoritman\u0131n ad\u0131d\u0131r.<\/p>\n\n\n\n{\n\"alg\": \"HS256\",\n\"typ\": \"JWT\"\n}<\/code><\/pre>\n\n\n\nAlgoritma k\u0131s\u0131mlar\u0131 farkl\u0131l\u0131k g\u00f6sterebilir. (HS256, HMAC SHA256 yada RSA)
Yukar\u0131daki JSON format\u0131ndaki veri Base64 ile encode edilir.
Payload(Veri)<\/strong>
Bu k\u0131s\u0131mda claim\u2019ler bulunur. Bu k\u0131s\u0131mda tutulan veriler sayesinde token client ve server aras\u0131nda uniqe olur.
Bu k\u0131s\u0131mda 3 tipte claim bulunabilir.<\/p>\n\n\n\n- Registered claims: JWT taraf\u0131ndan \u00f6nceden rezerv edilmi\u015f 3 harf uzunlu\u011fundaki claimlerdir. Bunlar \u00f6nceden ayarlanm\u0131\u015ft\u0131r ve di\u011fer claimlerde kullan\u0131lamaz. \u00d6rn, ise(issuer), exp(expiration time), sub(subject),aut(audience vb.<\/li>
- Public claims:\u0130ste\u011fe ba\u011fl\u0131 olarak a\u00e7\u0131k \u015fekilde yay\u0131nlana bilen claimlerdir.<\/li>
- Private claims: taraflar\u0131n kendi aralar\u0131nda bilgi ta\u015f\u0131mak i\u00e7in kulland\u0131klar\u0131 private claim\u2019lerdir.<\/li><\/ul>\n\n\n\n
<\/p>\n\n\n\n
{\n\"sub\": \"1234567890\",\n\"name\": \"John Doe\",\n\"iat\": 1516239022\n}<\/code><\/pre>\n\n\n\n
Bu k\u0131s\u0131m base64 ile encode edilir ve JWT token\u2019\u0131n ikinci b\u00f6l\u00fcm\u00fcn\u00fc olu\u015fturur.
Signature:<\/strong>
Bu k\u0131s\u0131m token\u2019\u0131n son k\u0131sm\u0131n\u0131 olu\u015fturur. Bu k\u0131sm\u0131n olu\u015fturulabilmesi i\u00e7in header, payload ve private key gereklidir. \u0130mza ile verinin b\u00fct\u00fcnl\u00fc\u011f\u00fc garanti alt\u0131na al\u0131nm\u0131\u015f olur. Header k\u0131sm\u0131nda belirtilen algoritma i\u00e7in public key kullan\u0131l\u0131r. Header ve payload k\u0131sm\u0131 bu private key ile imzalan\u0131r.
Do\u011frulama i\u015flemi:<\/strong>
Token client taraf\u0131ndan gelir. Token\u2019\u0131n ge\u00e7erlili\u011fi JWT ile do\u011frulan\u0131r. Bu do\u011frulama i\u015fleminde client ve server taraf\u0131ndaki imzalar kar\u015f\u0131la\u015ft\u0131r\u0131l\u0131r. \u0130mzalar ayn\u0131 ise token ge\u00e7erli say\u0131l\u0131r ve kullan\u0131c\u0131ya eri\u015fim verilir.\u00a0<\/p>\n\n\n\n- Stateless \u00e7al\u0131\u015f\u0131r.<\/li>
- Portable \u00e7al\u0131\u015f\u0131r. (Hem web hem mobile uygulamam\u0131z ayn\u0131 web servisi kullanabilir.<\/li>
- JSON format\u0131ndad\u0131r.<\/li>
- Do\u011frulama i\u015flemi i\u00e7in DB\u2019ye ihtiya\u00e7 duyulmaz. O sebeple di\u011fer authorization metodlar\u0131na g\u00f6re daha h\u0131zl\u0131d\u0131r.<\/li>
- Cookie kullanmaya gerek yoktur. Mobil uygulamalar i\u00e7in rahatl\u0131kla kullan\u0131labilir.<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"
JWT ile \u00fcretilen token Base64 ile kodlanm\u0131\u015f 3 ana k\u0131s\u0131mdan olu\u015fmaktad\u0131r. Bunlar Header(Ba\u015fl\u0131k), Payload(Veri), Signature(\u0130mza) k\u0131s\u0131mlar\u0131d\u0131r. \u00d6rnek JWT token (aaa.bbb.ccc) Header(Ba\u015fl\u0131k)Bu k\u0131s\u0131m JSOn format\u0131nda yaz\u0131lmakta ve 2 alandan olu\u015fmaktad\u0131r. Bunlar token tipi ve kullan\u0131lacak algoritman\u0131n ad\u0131d\u0131r. Algoritma k\u0131s\u0131mlar\u0131 farkl\u0131l\u0131k g\u00f6sterebilir. (HS256, HMAC SHA256 yada RSA)Yukar\u0131daki JSON format\u0131ndaki veri Base64 ile encode edilir.Payload(Veri)Bu k\u0131s\u0131mda claim\u2019ler bulunur.\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/47"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/47\/revisions"}],"predecessor-version":[{"id":49,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/47\/revisions\/49"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}