【OAuth 2.0】OAuth 2.0

One. What is OAuth 2.0?

  1. OAuth 2.0 (Open Authorization) is an open standard for third-party authorization. It is the successor to OAuth 1.0 and is simpler for clients to use than 1.0 (it drops per-request signing and relies on TLS instead), although it is not backward compatible with 1.0.

  2. OAuth 2.0 defines four grant types (authorization modes):

    1. authorization code grant (the most common mode)

    2. resource owner password credentials grant ("password mode")

    3. implicit grant

    4. client credentials grant


Two. OAuth 2.0 background:

  The roles defined by OAuth 2.0:

    (figure: the four OAuth 2.0 roles and how they interact)

    1. Resource owner / user (think of the person who holds the account and password)

      The resource owner is whoever owns the data or application being shared. For example, Facebook or Google users are resource owners: the resource they own is their own data. The figure above shows a human resource owner, which is the most common case, but a resource owner can also be an application. The OAuth 2.0 specification allows both.

    2. Resource server (the server that holds the resources the user owns)

      The resource server hosts and manages the protected resources. For example, Facebook or Google is a resource server (or runs one).

    3. Client application (the third-party application, such as Douban in the example below; the browser is only the user agent that carries the redirects between the parties)

      The client application is the application that requests access to resources stored on the resource server. Those resources belong to the resource owner. For example, a third-party game that requests access to a user's Facebook account is a client application.

    4. Authorization server (the server the user logs in to in order to grant access)

      The authorization server authorizes client applications to access the resources the resource owner holds. The authorization server and the resource server can be the same server, but they do not have to be. When the two are separate, OAuth 2.0 does not say how they communicate; that is left to the developers of the resource server and authorization server to design.


Three. Example: logging in to Douban with a QQ account (the user types the QQ account and password only on QQ's own page; Douban never sees them):

  Step one: on the Douban login page, click the QQ login icon

  When you click the small QQ icon, the browser actually sends a request to the Douban server, http://www.douban.com/leadToAuthorize. The Douban server responds with a redirect whose target is QQ's authorization endpoint.

  The browser follows the redirect to http://www.qq.com/authorize?callback=www.douban.com/callback. Note the callback parameter on that request: after authorization, QQ uses it to send the browser back to Douban's callback endpoint. Without it, QQ would have no way of knowing which page to return you to, given how many sites like Douban ask it for authorization every day. (In a real deployment the authorization server must also compare this callback against the redirect URI the client registered in advance and refuse anything else; otherwise an attacker could point the callback at a site they control and receive the authorization code.)

  What QQ does once that address is requested belongs to step two. Step one corresponds to the highlighted parts of the figure below.

  (figure: step one of the flow)

Step two: on the QQ login page, enter the account and password, then log in and authorize

  Picking up from the redirect above, the browser requests http://www.qq.com/authorize?callback=www.douban.com/callback

  QQ's server receives Douban's authorize request. In this example it responds by showing the QQ login page; the user enters the QQ account and password and clicks the login-and-authorize button, and QQ's server validates the user name and password. If the check succeeds, it responds to the browser with a redirect to the callback address, with a code (the authorization code) attached. Douban only cares that a code comes back after it initiates the authorize request; it does not care how QQ verifies the user. Each authorization server can implement authentication and the consent step however it likes, as long as the end result handed back to the browser is a redirect carrying the code. That is why the figure does not expand on this part; it is expanded here for the reader.

  (figure: step two of the flow)

 Step three: redirected back to Douban, login complete

  The work behind this step is the most tedious, but the user sees none of it. After clicking authorize on the QQ login page, the user lands straight on the Douban home page, yet a lot of hidden processing happens in between.

  Continuing from the previous step: once QQ's server has judged the login successful, it redirects the browser to the callback that Douban sent earlier, callback=www.douban.com/callback, with the authorization code attached.

  Following the redirect, the browser sends a request to http://www.douban.com/callback, carrying the code.

  The Douban server receives the request and then talks to QQ twice more, sending two requests of its own (its server acting as the HTTP client this time). The first exchanges the code for an access token; the second uses the token to fetch the user's information. Both requests go server-to-server: the token request carries Douban's client secret, and the access token is returned to Douban's server, so neither ever passes through the browser. Finally Douban stores the user information and returns the home page to the browser. That is the end of the OAuth 2.0 authorization.

  (figure: step three of the flow)
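To make the three steps concrete, here is a small in-process simulation of the authorization code flow as walked through above. It is an added example written for this page, not Douban's or QQ's code: the AuthorizationServer class plays QQ (authorization endpoint, token endpoint and user-info endpoint), the Client class plays Douban, and the strings passed between them stand in for the HTTP redirects and server-to-server requests. All endpoint URLs, the client id "douban", the secret "s3cret" and the user record are made-up constants. It also adds two checks the walk-through does not mention but that a real deployment needs: the authorization server only redirects to the callback URI the client registered, and the client binds each login attempt to a random state value that it verifies when the callback arrives.

```python
"""In-process simulation of the Douban/QQ authorization code flow.
Added example for this page; not real Douban or QQ code. Endpoints,
client id, secret and user data are invented constants."""
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


class AuthorizationServer:
    """Plays QQ: shows the login page, issues codes, exchanges codes for tokens."""

    CODE_TTL = 600  # seconds; authorization codes are meant to be short-lived

    def __init__(self):
        # client_id -> (client_secret, registered redirect_uri). Pre-registering
        # the redirect_uri is what stops a code being sent to an attacker's site.
        self.clients = {}
        self.codes = {}    # code -> (client_id, redirect_uri, user, expiry)
        self.tokens = {}   # access_token -> user record

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, url, user):
        """Step two: `user` has logged in and clicked authorize on the page at `url`.
        Returns the redirect URL the browser is sent back with, or None."""
        q = parse_qs(urlparse(url).query)
        client_id = q.get("client_id", [None])[0]
        redirect_uri = q.get("redirect_uri", [None])[0]
        state = q.get("state", [""])[0]
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            return None  # unregistered callback: never redirect the code there
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + self.CODE_TTL)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Step three, request 1: server-to-server exchange of code for token."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not hmac.compare_digest(secret, client_secret):
            return None
        entry = self.codes.pop(code, None)  # pop: a code can be used only once
        if entry is None:
            return None
        code_client, code_uri, user, expiry = entry
        if code_client != client_id or code_uri != redirect_uri or time.time() > expiry:
            return None
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = user
        return access_token

    def userinfo(self, access_token):
        """Step three, request 2: the resource server returns the token's user."""
        return self.tokens.get(access_token)


class Client:
    """Plays Douban."""

    def __init__(self, auth_server, client_id, client_secret, redirect_uri):
        self.auth = auth_server
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri = redirect_uri
        self.pending = set()  # `state` values for logins this client started

    def lead_to_authorize(self):
        """Step one: the user clicked the QQ icon; answer with the redirect to QQ."""
        state = secrets.token_urlsafe(16)  # binds the callback to this attempt
        self.pending.add(state)
        return "http://www.qq.com/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": state})

    def callback(self, url):
        """Step three: the browser arrives at /callback with code and state."""
        q = parse_qs(urlparse(url).query)
        state = q.get("state", [None])[0]
        if state not in self.pending:
            return None  # not a login this client started (or a replay): reject
        self.pending.discard(state)
        tok = self.auth.token(self.client_id, self.client_secret,
                              q.get("code", [None])[0], self.redirect_uri)
        return None if tok is None else self.auth.userinfo(tok)


def demo():
    """Run the happy path plus two failure cases; return the outcomes."""
    qq = AuthorizationServer()
    qq.register_client("douban", "s3cret", "http://www.douban.com/callback")
    douban = Client(qq, "douban", "s3cret", "http://www.douban.com/callback")
    auth_url = douban.lead_to_authorize()                     # step one
    back = qq.authorize(auth_url, {"name": "alice"})          # step two
    user = douban.callback(back)                              # step three
    # Attacker-style authorize request naming an unregistered callback.
    evil = ("http://www.qq.com/authorize?client_id=douban"
            "&redirect_uri=http%3A%2F%2Fevil.example%2Fcb&state=x")
    return {"user": user,
            "replay": douban.callback(back),                  # same callback again
            "bad_redirect": qq.authorize(evil, {"name": "alice"})}


if __name__ == "__main__":
    print(demo())
```

demo() walks the happy path and returns the user record Douban ends up with. Presenting the same callback URL a second time fails because the state was consumed and the code was popped when it was exchanged, and an authorize request whose redirect_uri is not the registered one gets no code at all.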

Related link: https://mp.weixin.qq.com/s/YKUucF_JQ9-09G5ZXXA_dw


Source: www.cnblogs.com/gabriel-y/p/12537520.html