Thursday, 26 March 2015

How is JWT implemented?



I'm using django-rest-framework-jwt in one of my APIs. As you might know, the concept is simple: you send a username and password and you get a token back. The token is not stored anywhere on the server.


By sending the token in the header of the request, the user associated with the token is extracted from the database. I'm curious as to how this is implemented. How can the server extract the user and also the expiration time of the token by just having the token?


I know the concept of public/private keys, but if this is implemented with the same idea, what would be the private and public keys here?




