<\/div>\n

Merhaba,<\/p>\n

Bu i\u00e7eri\u011fimizde klasik oturum y\u00f6netimi ara\u00e7lar\u0131ndan olan Session yahut Cookie yap\u0131lar\u0131na alternatif RFC 7519 standart\u0131 JSON Web Token(JWT) \u00fczerine konu\u015fuyor olaca\u011f\u0131z.<\/p>\n

G\u00fcn\u00fcm\u00fczde RESTFull API’lar da oturum i\u015flemlerini eski usul Session yahut Cookie ara\u00e7lar\u0131yla de\u011fil JSON Web Token(JWT) ile ger\u00e7ekle\u015ftirmekteyiz. Daha do\u011frusu JWT ile oturum i\u015flemlerimizi icra etmeyi tercih etmekteyiz demem daha do\u011fru olacakt\u0131r. “Peki hoca, Session ya da Coockie neyimize yetmedi?<\/strong><\/em>” \u015feklinde sorunuzu duyar gibiyim…<\/p>\n

Evet… Bunca zamand\u0131r kulland\u0131\u011f\u0131m\u0131z Session, Cookie vs. gibi yap\u0131lar ihtiya\u00e7lar\u0131m\u0131za yeterince cevap verebilme kabiliyetine sahiptiler. Ama g\u00fcn\u00fcm\u00fczde internet trafi\u011finin yo\u011funla\u015fmas\u0131 ve kullan\u0131c\u0131 etkile\u015fiminin artmas\u0131ndan dolay\u0131 eskiye nazaran misliyle oturum i\u015flemleri ger\u00e7ekle\u015ftirilmektedir. Dolay\u0131s\u0131yla bu yo\u011funlukta bizlere performans ve maliyet a\u00e7\u0131s\u0131ndan ve t\u00fcm bunlar\u0131n yan\u0131nda h\u0131zl\u0131 i\u015flevsellikte olan yap\u0131lar gerekmektedir. \u0130\u015fte bundan dolay\u0131 eski teknolojilere nazaran JWT yap\u0131s\u0131 geli\u015ftirilmi\u015ftir.<\/p>\n

Mesela, olu\u015fturulan her bir session i\u00e7in arkaplanda ger\u00e7ekle\u015ftirilen IO i\u015flemlerinin artan yo\u011funlukta performans a\u00e7\u0131s\u0131ndan sunucuya ne kadar maliyetli oldu\u011funu d\u00fc\u015f\u00fcn\u00fcn… Ya da ayn\u0131 anda hem web hem de mobilde \u00e7al\u0131\u015fan ve tek bir API \u00fczerinden i\u015flevsellik g\u00f6steren uygulamalarda session bazl\u0131 oturum bilgilerini platformlar aras\u0131nda ta\u015f\u0131maya yeltenince kar\u015f\u0131la\u015f\u0131labilecek problemleri… \u0130\u015fte bu durumlara istinaden JWT’de hem IO i\u015flemlerinden yal\u0131t\u0131lm\u0131\u015fl\u0131k s\u00f6z konusuyken hem de platformlar aras\u0131nda oturum transferi hi\u00e7bir probleme mahal vermeksizin sadece token\u0131 ta\u015f\u0131makla sorunsuz ger\u00e7ekle\u015ftiriliyor.<\/p>\n

Token – Session Kar\u015f\u0131la\u015ft\u0131rmas\u0131<\/h3>\n\n\n\n\n\n
Session Login<\/th>\n Token Login<\/th>\n<\/tr>\n<\/thead>\n
\nClient<\/strong> -> Siteyi a\u00e7.
\nServer<\/strong> -> SessionID ver.
\nClient<\/strong> -> UserName & Password gir ve SessionID ile yolla.
\nServer<\/strong> -> Bilgileri kontrol et. Do\u011fru ise Session’a user bilgilerini set et. Y\u00f6nlendirmeyi ger\u00e7ekle\u015ftir.
\nClient<\/strong> -> Settings sayfas\u0131n\u0131 iste. SessionID g\u00f6nder.
\nServer<\/strong> -> SessionID i\u00e7in giri\u015f yapm\u0131\u015f kullan\u0131c\u0131 var m\u0131 kontrol et. Cevap ver.\n<\/td>\n \nClient<\/strong> -> Siteyi a\u00e7.
\nClient<\/strong> -> UserName & Password yolla.
\nServer<\/strong> -> Bilgileri kontrol et. Do\u011fru ise token olu\u015ftur ve Client’a yolla. Y\u00f6nlendirmeyi ger\u00e7ekle\u015ftir.
\nClient<\/strong> -> Settings sayfas\u0131n\u0131 iste. Token g\u00f6nder.
\nServer<\/strong> -> Token ge\u00e7erli mi kontrol et. Cevap ver.\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
T\u00fcm bunlar\u0131n yan\u0131nda token yap\u0131lanmas\u0131n\u0131n kendine has avantajlar\u0131da mevcuttur;<\/p>\n
\n
Tokenlar cookie istemezler. Bundan dolay\u0131 mobil browserlar gibi cookie desteklemeyen platformlarda \u00e7al\u0131\u015fabilirler.<\/li>\n
Tokenler browsera \u00f6zel de\u011fildir. Dolay\u0131s\u0131yla, uygulamaya hangi platformdan login olunursa olunsun elde edilen token bir ba\u015fka platformda rahat\u00e7a kullan\u0131labilir.<\/li>\n<\/ul>\n
Token’\u0131n Fiziksel Yap\u0131s\u0131<\/h3>\n
Token, oturumla ilgili kritik bilgilerin \u015fifrelendi\u011fi bir fotmatt\u0131r. Yap\u0131s\u0131 a\u015fa\u011f\u0131daki gibidir;<\/p>\n
\neyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9<\/span>.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ<\/span>.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c<\/span>“<\/span><\/strong>\n<\/p><\/blockquote>\n
Yukar\u0131daki token \u00f6rne\u011fine yap\u0131sal olarak dikkat edilirse e\u011fer bir token\u0131n \u00fc\u00e7 b\u00f6l\u00fcmden olu\u015ftu\u011fu g\u00f6r\u00fclmektedir. Bu \u00fc\u00e7 alan\u0131n ne oldu\u011funu incelersek e\u011fer;<\/p>\n\n\n\n\n\n\n\n\n\n\n
\nHEADER<\/strong>
\n“Algoritma & Token Tipi”<\/span><\/em>\n<\/th>\n \nPAYLOAD<\/strong>
\n“Veri”<\/span><\/em>\n<\/th>\n<\/tr>\n<\/thead>\n
\n
\r\n{\r\n "alg": "HS256",\r\n "typ": "JWT"\r\n}\r\n<\/pre>\n<\/td>\n
\n
\r\n{\r\n "sub": "1234567890",\r\n "name": "John Doe",\r\n "iat": 1516239022\r\n}\r\n<\/pre>\n<\/td>\n<\/tr>\n
\nBa\u015fl\u0131klar, kullan\u0131lacak algoritma ve token tipi belirlenmektedir.\n<\/td>\n \nOturum i\u00e7in ta\u015f\u0131nmas\u0131 gereken datalar bar\u0131nd\u0131r\u0131lmaktad\u0131r.(surname, password, id vs.)
\nKritik bilgiler ta\u015f\u0131nabilir.\n<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
\nVERIFY SIGNATURE<\/strong>
\n“\u0130mza”<\/span><\/em>\n<\/td>\n<\/tr>\n
\n
\r\nHMACSHA256(\r\n base64UrlEncode(header) + "." +\r\n base64UrlEncode(payload),\r\n your-256-bit-secret\r\n)\r\n<\/pre>\n<\/td>\n<\/tr>\n
\nToken\u0131n imzas\u0131d\u0131r. \u0130ki parametre mevcuttur.
\n1. Header ve Payload alanlar\u0131n\u0131n BASE64 ile \u015fifrelenmi\u015f verileri.
\n2. Bizim taraf\u0131m\u0131zdan belirlenmi\u015f olan gizli anahtar.\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
T\u00fcm bu bilgilerin \u015fifrelenerek harmanlanm\u0131\u015f hali token yap\u0131s\u0131nda bir veriyi ortaya \u00e7\u0131karmakta ve bizler sadece o veriyi kullanarak t\u00fcm i\u015flemlerimizi ger\u00e7ekle\u015ftirebilmekteyiz.<\/p>\n
\u0130lgilenenlerin faydalanmas\u0131 dile\u011fiyle…
\nSonraki yaz\u0131lar\u0131mda g\u00f6r\u00fc\u015fmek \u00fczere…
\n\u0130yi \u00e7al\u0131\u015fmalar…<\/p>\n","protected":false},"excerpt":{"rendered":"
Merhaba, Bu i\u00e7eri\u011fimizde klasik oturum y\u00f6netimi ara\u00e7lar\u0131ndan olan Session yahut Cookie yap\u0131lar\u0131na alternatif RFC 7519 standart\u0131 JSON Web Token(JWT) \u00fczerine konu\u015fuyor olaca\u011f\u0131z. G\u00fcn\u00fcm\u00fczde RESTFull API’lar da oturum i\u015flemlerini eski usul Session yahut Cookie ara\u00e7lar\u0131yla...<\/p>\n","protected":false},"author":1,"featured_media":9376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[780],"tags":[2614,2609,2612,2610,2613,2615,2611,2608,865,2616],"class_list":["post-9345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-json","tag-header","tag-json-web-token","tag-json-web-token-nedir","tag-jwt","tag-jwt-nedir","tag-payload","tag-restful-api","tag-rfc-7519","tag-token","tag-token-nedir"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/9345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/comments?post=9345"}],"version-history":[{"count":31,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/9345\/revisions"}],"predecessor-version":[{"id":9377,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/9345\/revisions\/9377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media\/9376"}],"wp:attachment":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media?parent=9345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/categories?post=9345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/tags?post=9345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}