oauth

The three parties involved in the authentication and authorization process are:
1. The service provider, where the user stores protected resources such as photos, videos, and contact lists.
2. The user, the owner of the protected resources stored at the service provider.
3. The client, a third-party application that wants to access the user's resources at the service provider; usually a website, such as one that offers photo-printing services. Before the authentication process begins, the client must register with the service provider and obtain a client ID.

The process of using OAuth for authentication and authorization is as follows:
1. The user visits the client's website and wants to operate on resources stored at the service provider.
2. The client requests a temporary token from the service provider.
3. The service provider verifies the client's identity and issues a temporary token.
4. Holding the temporary token, the client redirects the user to the service provider's authorization page to request the user's consent. The temporary token and the client's callback URL are passed to the service provider in this step.
5. The user enters a user name and password on the service provider's page and authorizes the client to access the requested resources.
6. After authorization succeeds, the service provider redirects the user back to the client's page.
7. The client requests an access token from the service provider, presenting the temporary token.
8. The service provider issues an access token to the client on the basis of the temporary token and the user's authorization.
9. The client uses the access token to access the protected resources stored at the service provider.

Three-legged OAuth (3-Legged OAuth) is the standard form of OAuth. The "three legs" are the three roles in the authorization process described above: the client, the service provider, and the user. In some cases, however, the user does not need to take part, and this gives rise to a variant called two-legged OAuth (2-Legged OAuth). As a rule, applications that access private data need three-legged OAuth, while applications that access public data need only two-legged OAuth.
Compared with three-legged OAuth, two-legged OAuth has no user participation, so there is no user-authorization step and no token is issued; requests are signed using only the Consumer Key and Consumer Secret, which in this mode are essentially the client's account name and password.
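The following Python program is an added example, not code from the original article or from any particular OAuth library. It plays all three roles in-process: an in-memory service provider that registers a client, issues a temporary token, records the user's consent, exchanges the temporary token for an access token, and serves resources; a client that signs each request with HMAC-SHA1 in the shape RFC 5849 specifies; and a user login step. It covers both the nine-step three-legged flow above and the two-legged variant, where the same signing routine is used with only the Consumer Key and Consumer Secret. All URLs, credentials, user names, passwords and resource names are constructed placeholders.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed sample client credentials (placeholders, not real values).
CONSUMER_KEY = "demo-client-id"
CONSUMER_SECRET = "demo-client-secret"

def percent_encode(value):
    return quote(str(value), safe="~")

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over method, URL and sorted params (RFC 5849 signature base string).
    The key is consumer secret and token secret joined by '&'; until a token exists the
    token secret is empty, which is exactly what lets a two-legged request be signed."""
    normalized = "&".join(f"{percent_encode(k)}={percent_encode(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), percent_encode(url), percent_encode(normalized)])
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"
    return base64.b64encode(hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()).decode()

class ServiceProvider:
    """In-memory stand-in for the service provider (all data constructed for the example)."""
    def __init__(self):
        self.clients = {CONSUMER_KEY: CONSUMER_SECRET}
        self.users = {"alice": "correct-horse"}                   # user name -> password
        self.resources = {"alice": ["photo1.jpg", "photo2.jpg"]}  # private: needs user consent
        self.public = ["banner.png"]                              # public: client identity suffices
        self.temp_tokens = {}                                     # token -> secret, callback, user, verifier
        self.access_tokens = {}                                   # token -> secret, user

    def _verified(self, method, url, params, token_secret=""):
        """Recompute the signature with server-side secrets and compare in constant time."""
        params = dict(params)
        presented = params.pop("oauth_signature", "")
        consumer_secret = self.clients.get(params.get("oauth_consumer_key"))
        if consumer_secret is None:
            return False
        return hmac.compare_digest(presented, sign_hmac_sha1(method, url, params, consumer_secret, token_secret))

    def request_temporary_token(self, method, url, params):      # steps 2-3
        if not self._verified(method, url, params):
            raise PermissionError("client signature invalid")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.temp_tokens[token] = {"secret": secret, "callback": params["oauth_callback"], "user": None, "verifier": None}
        return token, secret

    def authorize(self, token, username, password):              # steps 4-6, in the user's browser
        record = self.temp_tokens.get(token)
        if record is None or self.users.get(username) != password:
            raise PermissionError("login or temporary token invalid")
        record["user"], record["verifier"] = username, secrets.token_hex(4)
        return record["callback"], record["verifier"]             # provider redirects here with the verifier

    def request_access_token(self, method, url, params):         # steps 7-8
        record = self.temp_tokens.get(params.get("oauth_token"))
        if record is None or record["user"] is None or params.get("oauth_verifier") != record["verifier"]:
            raise PermissionError("temporary token not authorized")
        if not self._verified(method, url, params, record["secret"]):
            raise PermissionError("client signature invalid")
        del self.temp_tokens[params["oauth_token"]]               # temporary token is single-use
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = {"secret": secret, "user": record["user"]}
        return token, secret

    def protected_resource(self, method, url, params):           # step 9 (three-legged)
        record = self.access_tokens.get(params.get("oauth_token"))
        if record is None or not self._verified(method, url, params, record["secret"]):
            raise PermissionError("access token or signature invalid")
        return self.resources[record["user"]]

    def public_resource(self, method, url, params):              # two-legged: no user, no token
        if not self._verified(method, url, params):
            raise PermissionError("client signature invalid")
        return self.public

def oauth_params(extra=None, token=None):
    """Protocol parameters every signed request carries; nonce and timestamp limit replay."""
    params = {"oauth_consumer_key": CONSUMER_KEY, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8), "oauth_version": "1.0"}
    if token:
        params["oauth_token"] = token
    params.update(extra or {})
    return params

def signed(method, url, params, token_secret=""):
    params["oauth_signature"] = sign_hmac_sha1(method, url, params, CONSUMER_SECRET, token_secret)
    return params

def three_legged_flow(sp, username="alice", password="correct-horse"):
    """Client side of steps 2-9 against the provider above; URLs are constructed placeholders."""
    url = "https://provider.example/oauth/request_token"
    temp_token, temp_secret = sp.request_temporary_token(
        "POST", url, signed("POST", url, oauth_params({"oauth_callback": "https://client.example/cb"})))
    callback, verifier = sp.authorize(temp_token, username, password)   # done by the user, not the client
    url = "https://provider.example/oauth/access_token"
    access_token, access_secret = sp.request_access_token(
        "POST", url, signed("POST", url, oauth_params({"oauth_verifier": verifier}, temp_token), temp_secret))
    url = "https://provider.example/api/photos"
    return sp.protected_resource("GET", url, signed("GET", url, oauth_params(token=access_token), access_secret))

def two_legged_flow(sp):
    """Consumer key and secret alone act as the client's account name and password."""
    url = "https://provider.example/api/public"
    return sp.public_resource("GET", url, signed("GET", url, oauth_params()))

def wrong_secret_is_rejected(sp):
    """Knowing the key but not the secret yields a signature the provider refuses."""
    url = "https://provider.example/api/public"
    params = oauth_params()
    params["oauth_signature"] = sign_hmac_sha1("GET", url, params, "not-the-real-secret")
    try:
        sp.public_resource("GET", url, params)
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    sp = ServiceProvider()
    print(three_legged_flow(sp), two_legged_flow(sp), wrong_secret_is_rejected(sp))
```

Two points worth noticing in the code: the temporary token is deleted as soon as it is exchanged, so it cannot be replayed for a second access token, and the two-legged path accepts a request with no token at all but still rejects one whose signature was made with the wrong Consumer Secret, which is why that secret must be protected like a password.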

Origin http://43.154.161.224:23101/article/api/json?id=326457672&siteId=291194637