What Is JWT (JSON Web Token)?

JWT (JSON Web Token) is a modern technology used for user authentication and access authorization, especially in web apps, mobile apps, and APIs. It is a way to verify that the user is who they claim to be and, at the same time, to check what they are entitled to do, without going back to the database every time.
Put simply, a JWT is a small token given to the user after they log in successfully. This token serves as their identity each time they send a request. Instead of the server remembering every user (sessions), the user carries the proof of their identity themselves.
A JWT consists of three parts: header, payload, and signature. The header states the type of token and the cryptographic algorithm used. The payload is the user's data (claims) (for example: user id, role, email). The signature is a security signature that verifies the token has not been altered. The three parts are encoded and sent as a single string.
When the user sends a request, the JWT is usually sent in the "Authorization header" as: Bearer token. The server checks the token's signature; if it is valid the server accepts the request, otherwise it rejects it. This makes the system fast and easy to scale.
The reason JWT is so popular is that it is stateless. The server does not store the state (session) of each user, which makes it well suited to large systems, microservices, and many APIs. It also works well with frontend frameworks such as React, Next.js, React Native, and Flutter.
JWT is most often used in:
– Login systems
– Role-based access (admin, user, etc.)
– Protected APIs
– Mobile apps
– SaaS platforms
However, JWT is not a magic solution. If it is used incorrectly (for example, a long-lived token that never expires, or a secret key that is not kept under control), it can create a security risk. It is therefore important to always use an expiration time, secure storage, and HTTPS.
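The signature check described above and the expiration advice in the previous paragraph, as an added example that is not part of the original article: a minimal HS256 issuer and verifier using only the Python standard library. The key, the claim values, and the function names (`issue`, `verify`, `authorize`) are assumptions constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real key comes from a secret store.
SECRET = b"constructed-demo-key-do-not-reuse"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict, ttl: int, now=None) -> str:
    """Build header.payload.signature with a short expiration time."""
    now = int(time.time()) if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"}, {**claims, "iat": now, "exp": now + ttl})
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + b64url(sign(signing_input))

def verify(token: str, now=None) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Accept only the algorithm this server issues, never the token's own choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(sig, sign(f"{h64}.{p64}")):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))  # trusted only after the check above
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def authorize(header_value: str, now=None) -> dict:
    """Handle the 'Authorization: Bearer <token>' value of a request."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing bearer token")
    return verify(token, now)
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality.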
JWT is the backbone of modern authentication. It is fast, simple, and works very well with the apps being built today. If you want to become a real developer, understanding JWT is an essential step.






