FIDO
Fast Identity Online (FIDO)
WebAuthn was officially recognized as a W3C web standard in March 2019. Today, WebAuthn is part of the FIDO Alliance’s FIDO2 specifications, and the FIDO Alliance runs certification programs to ensure compliance.
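There are many schemes for microservice authentication and authorization.
This post compares the pros and cons of the mainstream schemes
and offers guidance for choosing an MAA scheme for your business system.

Scheme | Pros | Cons
Distributed session management | Simple, mature, centrally managed by the server | Relatively poor scalability
Client token | |
Single sign-on | |
API gateway token management | |
Third-party application authorization | |
SSL/TLS mutual authentication | |

Schemes

Distributed session management
Session information is stored by the server.
Implementation approaches:
- Sticky session
- Session replication
- Centralized session storage

Client token
The token is held by the client.
JWT: header, payload, and signature
Header
{ "typ": "JWT", "alg": "HS256" }
Payload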
RequiresUser annotation
Requires the current Subject to be an application user for the annotated class/instance/method to be accessed or invoked. This is less restrictive than the RequiresAuthentication annotation.
Shiro defines a “user” as a Subject that is either “remembered” or authenticated:
- An authenticated user is a Subject that has successfully logged in (proven their identity) during their current session.
- A remembered user is any Subject that has proven their identity at least once, although not necessarily during their current session, and asked the system to remember them.