Quick answer: code example
Short answer

A JWT is a convenient way to encode and verify claims.

A Bearer Token is just a string, potentially arbitrary, that is used for authorization.

Context (story time)

A few years ago, before the JWT revolution, a `<token>` was just a string with no intrinsic meaning, e.g. `2pWS6RQmdZpE0TQ93X`. That token was then looked up in a database, which held the claims for that token. The downside of this approach is that DB access (or a cache) is required every time the token is used.

JWTs encode and verify (via signing) their own claims. This allows folks to issue short-lived JWTs that are stateless (read: self-contained, don't depend on anybody else). They do not need to hit the DB. This reduces DB load and simplifies application architecture because only the service that issues the JWTs needs to worry about hitting the DB/persistence layer (the `refresh_token` you've probably come across).
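The contrast described in the answer, as an added example that is not part of the original post: an opaque bearer token that needs a lookup on every use, next to an HS256 JWT that is checked with only the signing key. `SECRET`, `TOKEN_DB` and the function names are assumptions made for illustration; only the Python standard library is used.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumed: signing key shared by issuer and verifiers
TOKEN_DB = {}                     # assumed: stands in for the token table or cache

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_opaque(claims: dict) -> str:
    """Old style: a random string; the claims live server-side."""
    token = secrets.token_urlsafe(16)
    TOKEN_DB[token] = claims
    return token

def check_opaque(token: str):
    """Every use costs a lookup; unknown tokens return None."""
    return TOKEN_DB.get(token)

def issue_jwt(claims: dict, ttl: int = 300, now=None) -> str:
    """Short-lived, self-contained token: claims plus exp, signed with HS256."""
    now = int(time.time()) if now is None else now
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({**claims, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"

def check_jwt(token: str, now=None):
    """No lookup: verify the signature, pin the algorithm, enforce exp."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(sig)):
            return None  # payload or header was altered, or the key differs
        if json.loads(b64u_dec(header)).get("alg") != "HS256":
            return None  # accept only the algorithm this verifier expects
        claims = json.loads(b64u_dec(payload))
    except (ValueError, TypeError):
        return None      # malformed token
    return claims if claims.get("exp", 0) > now else None
```

The JWT cannot be revoked before `exp` without reintroducing a lookup, which is why the lifetime is kept short.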