Microservice open platform interface design

What is an open platform interface

In some large Internet companies, the need to cooperate with external partners grows as the business grows, and the company has to open interfaces for those partners to call.

For example, Tencent's QQ Internet, the WeChat open platform, the Ant Financial open platform, the DingTalk open platform and the Weibo open platform provide features such as QQ federated login and WeChat scan-code login.

Another case is a large group company made up of a headquarters and multiple branch offices: the headquarters and the branches can communicate with each other through an open platform interface that relies on authorization.

What is OAuth2.0

OAuth: OAuth (Open Authorization) is an open standard that allows users to authorize a third-party site to access information they have stored with another service provider, without giving the third-party site their user name and password and without sharing all of their data.

QQ login OAuth2.0: For OpenAPIs associated with the user (such as access to user information, activity sync, photos, logs, sharing, etc.), in order to protect the security and privacy of user data, a third-party site must explicitly obtain the user's authorization before it accesses user data.
QQ login uses the standard OAuth2.0 protocol for user authentication and for obtaining user authorization. Compared with the earlier OAuth1.0 protocol, its authentication process is simpler and more secure.

An open platform interface design follows the OAuth2.0 authentication and authorization protocol, together with JWT.

Fields used in QQ authorization:

appId: the merchant's permanent identifier. It cannot be modified, much like a personal ID number.

appKey: the merchant key. It can be changed, but note the synchronization problem that follows a change.

Authorization code (code): used to obtain the accessToken.

accessToken: the access token used to call the interfaces.

Callback address: the address the user is redirected to after successful authorization.

openId: a unique user ID generated by the open platform.

Oauth2 authorization principle

The OAuth authentication and authorization process is as follows:

1. The user visits the third-party website, which wants to operate on some of the user's resources stored at the service provider.

2. The third-party site requests a temporary token from the service provider.

3. The service provider verifies the identity of the third-party site and grants it a temporary token.

4. After obtaining the temporary token, the third-party site directs the user to the service provider's authorization page to request the user's authorization. In this step the temporary token and the third-party site's return address are sent to the service provider.

5. The user enters their user name and password on the service provider's authorization page and authorizes the third-party site to access the corresponding resources.

6. After the authorization succeeds, the service provider directs the user back to the third-party site's return address.

7. The third-party site uses the temporary token to obtain an access token from the service provider.

8. The service provider grants the third-party site an access token based on the token and the user's authorization.

9. The third-party site uses the access token it obtained to access the corresponding user resources stored at the service provider.

Calling the QQ Internet interfaces to obtain user information

1. Generate the authorization link and obtain the authorization code.

2. Use the authorization code to obtain the AccessToken.

3. Use the AccessToken to get the openId.

4. Use the openId to obtain the user information.
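
The four steps above, as an added example (not code from the original post and not QQ's real API): a toy in-memory provider in Python showing the checks each step should enforce on appId, appKey, code, accessToken, callback address and openId. The class and method names and the HMAC-based openId derivation are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class OpenPlatform:
    """Toy in-memory provider (constructed for illustration, not QQ's real API)."""
    def __init__(self):
        self.apps = {}      # appId -> (appKey, registered callback address)
        self.codes = {}     # authorization code -> (appId, user)
        self.tokens = {}    # accessToken -> (appId, user)
        self.secret = secrets.token_bytes(32)   # keys the openId derivation

    def register(self, app_id, app_key, callback):
        self.apps[app_id] = (app_key, callback)

    def authorize(self, app_id, callback, user):
        # Step 1: the user approves; the callback must match the registered one exactly.
        if app_id not in self.apps or self.apps[app_id][1] != callback:
            raise PermissionError("unknown appId or callback mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (app_id, user)
        return f"{callback}?code={code}", code

    def token(self, app_id, app_key, code):
        # Step 2: the code is single-use and bound to the appId that requested it.
        issued = self.codes.pop(code, None)
        key_ok = app_id in self.apps and hmac.compare_digest(self.apps[app_id][0], app_key)
        if issued is None or issued[0] != app_id or not key_ok:
            raise PermissionError("invalid code or appKey")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = issued
        return access_token

    def open_id(self, access_token):
        # Step 3: openId is derived per (appId, user), so it is not the internal user id.
        app_id, user = self.tokens[access_token]
        return hmac.new(self.secret, f"{app_id}:{user}".encode(), hashlib.sha256).hexdigest()[:32]

    def user_info(self, access_token, app_id, open_id):
        # Step 4: the token, appId and openId must all agree before data is returned.
        if self.tokens.get(access_token, (None,))[0] != app_id or self.open_id(access_token) != open_id:
            raise PermissionError("token/openId mismatch")
        return {"openid": open_id, "nickname": self.tokens[access_token][1]}

def login_flow(platform, app_id, app_key, callback, user):
    """Run the four steps as the third-party site would, returning (code, user info)."""
    _, code = platform.authorize(app_id, callback, user)
    access_token = platform.token(app_id, app_key, code)
    open_id = platform.open_id(access_token)
    return code, platform.user_info(access_token, app_id, open_id)
```

Because the code is removed on first use, replaying a captured authorization code fails, and because the openId is derived per appId, two applications cannot correlate the same user by comparing identifiers.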

Origin www.cnblogs.com/ming-blogs/p/11025797.html