Overall process
1. User authorization
The user clicks the (WeChat authorization) button, which sends a GET request to the link below and jumps to the authorization page:
http://localhost:8080/oauth/authorize?response_type=code&client_id=client&redirect_uri=http://www.baidu.com&scope=all
The browser first jumps to the login page, because you are not yet logged in to the authorization server. (It is the same with WeChat scan-code authorization: you must be logged in to WeChat before you can authorize, so the login page pops up first.)
http://localhost:8080/login
After that, the browser is redirected to https://www.baidu.com/?code=mfB14e
The authorization code is the value of the code parameter.
2. Apply for a token
Carry the authorization code to the authorization server and obtain the access_token:
http://localhost:8080/oauth/token
Correspondence between the parameters sent and the backend:
1) Basic Auth authentication
username|.withClient
password|.secret
2) POST parameters
client_id|.withClient
redirect_uri|.redirectUris
scope|.scope
grant_type|.authorizedGrantTypes
code|None, returned by the web page (the redirect in step 1)
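Steps 1 and 2 above as an added Python example (not code from the original page): it builds the authorization link, reads the code out of the redirect, and builds the token request with Basic Auth plus the POST parameters, without sending anything. The client secret is a constructed placeholder, and grant_type=authorization_code assumes that value is listed in the backend's .authorizedGrantTypes.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTH_SERVER = "http://localhost:8080"   # from the page
CLIENT_ID = "client"                    # from the page (.withClient)
CLIENT_SECRET = "secret-placeholder"    # constructed placeholder (.secret)
REDIRECT_URI = "http://www.baidu.com"   # from the page (.redirectUris)
SCOPE = "all"                           # from the page (.scope)


def authorize_url():
    """Step 1: the link the browser opens to start authorization."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": SCOPE})
    return f"{AUTH_SERVER}/oauth/authorize?{query}"


def extract_code(redirected_url):
    """Read the authorization code from the URL the browser was redirected to."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def token_request(code):
    """Step 2: build (but do not send) the POST to /oauth/token."""
    # 1) Basic Auth: username = client id, password = client secret.
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    # 2) POST parameters; redirect_uri must equal the one used in step 1.
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                      "scope": SCOPE}).encode()
    return Request(f"{AUTH_SERVER}/oauth/token", data=body, method="POST",
                   headers={"Authorization": f"Basic {basic}",
                            "Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    print(authorize_url())
    req = token_request(extract_code("https://www.baidu.com/?code=mfB14e"))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```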
3. Get resources
Use the access_token to access the resource server and obtain the resources (namely usernames, etc.; note that these are not the resources of the client we originally wanted to access, but the resources of the authentication server).