OAuth2.0 authorization code explanation and code examples

Reference article:
http://www.ruanyifeng.com/blog/2019/04/oauth_design.html
http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html
http://www.ruanyifeng.com/blog/2019/04/github-oauth.html


OAuth 2.0 has four grant types: authorization code, implicit (the "hidden" type), password, and client credentials.
Their usage scenarios are: authorization code, for applications that have a back end; implicit, for applications with no back end; password, where the user gives the account password directly to the application; client credentials, for command-line applications. For more detail, see the three articles above, which are very thorough. This article focuses only on the authorization code grant, because it is currently the most widely used.


The working process of the authorization code is as follows:


Steps:

  1. The user opens the front-end page and chooses to log in with a third party (Gitee).
  2. The page jumps to the Gitee login page, where the user logs in. After a successful login, Gitee asks the user whether to allow the original website to obtain XX permissions.
  3. After the user agrees, Gitee redirects to a URL that contains the authorization code (code).
  4. The backend parses this URL to get the authorization code, and then sends the authorization code to Gitee.
  5. When Gitee receives it, it returns JSON data. This JSON data is the token, and the access_token is inside it.
  6. After the backend parses the token and gets the access_token, it can fetch the logged-in user's data from Gitee.
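The backend side of steps 3 to 6, as an added example (not code from the original article or from the OAuthByJ repository). The endpoint URLs are assumed from Gitee's public OAuth documentation, the client values are placeholders, and the `state` check is the standard OAuth 2.0 (RFC 6749) request-forgery protection, which the steps above do not mention.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions: Gitee's documented endpoints and a constructed client registration.
AUTHORIZE_URL = "https://gitee.com/oauth/authorize"
TOKEN_URL = "https://gitee.com/oauth/token"
CLIENT_ID = "example-client-id"                    # placeholder
CLIENT_SECRET = "example-client-secret"            # placeholder, never sent to the browser
REDIRECT_URI = "https://app.example.com/callback"  # placeholder

def new_state():
    """Random value stored in the user's session before redirecting to Gitee."""
    return secrets.token_urlsafe(32)

def build_authorize_url(state):
    """Steps 1-2: the URL the browser is sent to for login and consent."""
    query = urlencode({"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                       "response_type": "code", "state": state})
    return f"{AUTHORIZE_URL}?{query}"

def code_from_callback(callback_url, expected_state):
    """Steps 3-4: parse the redirect; accept the code only if state matches the session."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(code):
    """Step 4: endpoint and form body for the server-to-server POST that redeems the code."""
    return TOKEN_URL, {"grant_type": "authorization_code", "code": code,
                       "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                       "redirect_uri": REDIRECT_URI}

def access_token_from(response_body):
    """Steps 5-6: extract access_token from the JSON token response."""
    data = json.loads(response_body)
    token = data.get("access_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    return token
```

The code exchange in `token_request` carries `client_secret`, which is why this grant needs a back end: the secret and the resulting access_token never pass through the browser.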

Code address: https://github.com/Xavier-777/OAuthByJ


Origin blog.csdn.net/lendsomething/article/details/114867366