1. Overview.
Oauth provides a method for clients to access a protected resource on
behalf of a resource owner.
+--------+ +---------------+
| |--(A)-- Authorization Request --->| Resource |
| | | Owner |
| |<-(B)------ Access Grant ---------| |
| | +---------------+
| |
| | Client Credentials & +---------------+
| |--(C)------ Access Grant -------->| Authorization |
| Client | | Server |
| |<-(D)------ Access Token ---------| |
| | (w/ Optional Refresh Token) +---------------+
| |
| | +---------------+
| |--(E)------ Access Token -------->| Resource |
| | | Server |
| |<-(F)---- Protected Resource -----| |
+--------+ +---------------+
Figure 1: Abstract Protocol Flow
转载于:https://www.cnblogs.com/dikanggu/archive/2010/09/28/1837892.html