Abstract: User identity and service authority authentication have become important means of identity verification and data access security.User identity authentication is implemented using dynamic token technology JWT.For the problems of JWT being lost and intercepted,the strategy of encrypted storage and decryption and the binding mechanism of IP and JWT are proposed.According to the EAST experimental data and the current status of users,user resources were divided into second-level users,and service resources were divided into third-level resources.Graph database Neo4j was used to store the authority relationship between users and resources,and a bitmap method was proposed to accelerate authority authentication.The experimental results show that the JWT based authentication method and its security strategy can effectively solve the problems of identity and permission authentication.Compared with the traditional relational database storing user permissions,the graph database Neo4j and the bitmap method can effectively improve the efficiency of authentication.