OAuth 1.0 / 2.0: principles, development walkthrough and an explanation of the mechanism

A while ago I wanted to share my experience of implementing QQ login with the OAuth 1.0 and OAuth 2.0 protocols, together with a demo, but I have been very busy. Today I am taking some time to go through the OAuth 1.0 protocol and how QQ's OAuth 1.0 authentication is developed against it. Enough preamble; straight to the topic.

1. OAuth in brief

OAuth (Open Authorization) defines a secure, open and simple standard for authorizing access to user resources: a third party can obtain the authorized user's information without ever learning the user's account name and password, and that is what makes it safe. (If that sentence does not mean much to you yet, it does not matter; keep reading.)

2. How OAuth works

[Figure oauth_developer_1: hand-drawn OAuth flowchart]

The flowchart marks four steps, explained below:

Step 1: the user visits a third-party site, for example one where you need to log in with QQ.
Step 2: the user clicks "log in with QQ" and the third-party site issues a request; in practice the site redirects to the QQ platform, which prompts the user to log in.
Step 3: the user grants the third-party site permission to access their information. After a successful QQ login, QQ asks whether to authorize the third-party site to access basic user information or other resources, and the user clicks "authorize".
Step 4: after authorization, the third-party site accesses the resources the user just authorized, such as the basic QQ profile: avatar, nickname, gender and so on.

With this illustration and explanation (the figure is hand-made and a little rough) I believe you have a basic understanding of how OAuth works. If you still do not, you cannot learn to build OAuth; just kidding.

(Knowing the principle still does not tell you exactly how to implement OAuth authentication. Do not worry, read on.)

3. The OAuth 1.0 authentication flow

This section explains the OAuth 1.0 authentication mechanism directly (OAuth 2.0 is covered in a later section). Although most platforms now follow OAuth 2.0, some still offer OAuth 1.0, for example Sina Weibo and the QQ 1.0 platform.

OAuth 1.0 authentication uses three important URLs:

First, the Request Token URL: obtains an unauthorized token.
Second, the User Authorization URL: the user authorizes the request token.
Third, the Request Access URL: exchanges the authorized token for the Access Token.

All three are used in the flow below; the flowchart (a slide from my OAuth deck) reflects them, and I explain it directly:

[Figure oauth_developer_2: OAuth 1.0 flowchart]

Step 1: the website requests an unauthorized token from the authentication platform, using the Request Token URL (the first URL above).
Step 2: redirect to the user authorization page, where the user is prompted to log in and authorize; the authorized token is returned. This uses the User Authorization URL (the second URL above).
Step 3: with the authorized token, request the Access Token (the data token) from the authentication platform, using the Request Access URL (the third URL above). After this step the authentication process is complete.
Last step: call the user interface with the data token as a parameter to obtain information; this does not count as part of the authentication process itself.

(I like it concise; that is the authentication flow. I believe the figure and explanation make it understandable; if not, please leave a message.)

4. Calling the QQ OAuth 1.0 authentication URLs and the parameters passed

Following the explanation of the OAuth 1.0 principle and mechanism, this part explains the QQ OAuth 1.0 authentication URLs to call and notes on the parameters passed.
Because QQ's open platform has moved to the new 2.0 authentication mode, documentation of OAuth 1.0 development is now hard to find, so I will only briefly cover the request URLs, the parameters passed and the values returned, without a very detailed explanation; if you have questions, leave me a message.

1. Requesting an unauthorized temporary token

Create a new page, QQLogin.aspx, which requests a temporary token and then redirects to the user authorization page. The relevant URLs and parameters:

Request Token URL (temporary token request): http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token
User authorization URL (redirect the user here to log in after the request): http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize

The first request takes the following parameters (required unless marked optional):
parameter meaning
oauth_consumer_key The appid allocated to the site after the QQ login application is approved
oauth_nonce Random string; every oauth_nonce uses the int type
oauth_timestamp Unix timestamp (seconds since 00:00:00 UTC on 1 January 1970; search for how to obtain it in your language). Note that the third-party server clock must not differ from Tencent's server clock by more than five minutes
oauth_version Version number, fixed at 1.0
oauth_signature_method Signature method, fixed at HMAC-SHA1
oauth_signature Signature value, protecting the transmitted parameters against tampering. See the [QQ] oauth_signature login signature instructions for how it is generated
oauth_client_ip User's IP address (optional), int type
The response carries oauth_token (the temporary token) and oauth_token_secret (the secret corresponding to that temporary token). The second URL takes the following parameters (all required):
parameter meaning
oauth_consumer_key The appid assigned to the site
oauth_token The oauth_token obtained in the previous step
oauth_callback Callback address on your site to return to after login and authorization
The returned parameters are:
parameter meaning
oauth_token Authorized token
openid Key identifying the user to the app; it corresponds to the QQ number and is needed to access OpenAPI. The same QQ number has a different OpenID in each application
oauth_signature Signature value. If the site uses the openid returned in this step, generate a signature by the rule below and compare it with the returned value to verify that the openid is authentic and came from the right source. Rule: HMAC-SHA1; source string: openid followed directly by timestamp (concatenated, no '+' in between); key: oauth_consumer_secret
timestamp openid timestamp
oauth_vericode Authorization code
2. Requesting the Access Token (data token)

In the previous step we wrote a callback address and successfully received a set of parameters; the next step takes those parameters and, first of all, obtains the data token (only with the data token can you call the interface that returns user information). Request Access URL (Access Token request): http://openapi.qzone.qq.com/oauth/qzoneoauth_access_token. The request takes the following parameters:
parameter meaning
oauth_consumer_key The appid assigned to the site
oauth_token Authorized token, the oauth_token returned by the previous step
oauth_nonce Random number
oauth_timestamp Unix timestamp (seconds since 00:00:00 UTC on 1 January 1970; search for how to obtain it in your language)
oauth_version Version number, fixed at 1.0
oauth_signature_method Signature method, fixed at HMAC-SHA1
oauth_signature Signature value, protecting the transmitted parameters against tampering. See the [QQ] oauth_signature login signature instructions for how it is generated
oauth_vericode Authorization code, the oauth_vericode returned by the previous step
oauth_client_ip User's IP address (optional), int type
The returned parameters are:
parameter meaning
oauth_token The access_token
oauth_token_secret The access_token secret
openid Returned both in the first step and in this step. Using the openid returned by this step is more secure
timestamp openid timestamp
oauth_signature Signature value over the openid
3. Calling the API with the Access Token (data token) to obtain the authorized user's resources

Request URL: http://openapi.qzone.qq.com/user/get_user_info (the get_user_info interface is used here as the default example). The request takes the following parameters:
parameter meaning
oauth_consumer_key The appid assigned to the site
oauth_token The oauth_token returned by the previous step
oauth_nonce Random number, int type
oauth_timestamp Unix timestamp (seconds since 00:00:00 UTC on 1 January 1970; search for how to obtain it in your language)
oauth_version Version number, fixed at 1.0
oauth_signature_method Signature method, fixed at HMAC-SHA1
oauth_signature Signature value, protecting the transmitted parameters against tampering. See the [QQ] oauth_signature login signature instructions for how it is generated
openid The openid returned by the previous step
oauth_client_ip User's IP address (optional), int type
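The two signing rules that the tables above only describe in words are the standard OAuth 1.0 HMAC-SHA1 request signature (oauth_signature over the sorted, percent-encoded parameters, keyed by consumer secret and token secret) and the QQ-specific openid signature (HMAC-SHA1 over openid followed by timestamp, keyed by oauth_consumer_secret). The following Python is an added example written for this page, not code from the original post or from Tencent; it signs a parameter set the way RFC 5849 specifies and verifies a returned openid with a constant-time comparison. Assumptions: the openid signature is base64-encoded like oauth_signature (the post does not say), and the five-minute clock-skew rule from the parameter table is applied to the openid timestamp as a replay window, which the post itself does not state.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def percent_encode(value) -> str:
    """RFC 5849 section 3.6 encoding: only unreserved characters stay unescaped."""
    return quote(str(value), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded normalized parameters (sorted by key, then value)."""
    pairs = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), percent_encode(url), percent_encode(normalized)])


def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    """oauth_signature for HMAC-SHA1: key is 'consumer_secret&token_secret', output base64."""
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key.encode(), base, hashlib.sha1).digest()).decode()


def signed_params(method, url, params, consumer_key, consumer_secret,
                  token_secret="", now=None):
    """Add the oauth_* protocol parameters listed in the tables and sign the whole set."""
    full = dict(params)
    full["oauth_consumer_key"] = consumer_key
    full["oauth_nonce"] = str(secrets.randbelow(2**31))  # int-typed nonce, as the tables require
    full["oauth_timestamp"] = str(int(now if now is not None else time.time()))
    full["oauth_version"] = "1.0"
    full["oauth_signature_method"] = "HMAC-SHA1"
    full.pop("oauth_signature", None)  # the signature is never part of its own base string
    full["oauth_signature"] = hmac_sha1_signature(method, url, full, consumer_secret, token_secret)
    return full


def openid_signature(openid: str, timestamp, consumer_secret: str) -> str:
    """QQ rule from the table: HMAC-SHA1 over openid + timestamp, keyed by the consumer secret.
    Base64 output is an assumption; the post does not state the encoding."""
    msg = (openid + str(timestamp)).encode()
    return base64.b64encode(hmac.new(consumer_secret.encode(), msg, hashlib.sha1).digest()).decode()


def verify_openid(openid, timestamp, received_signature, consumer_secret,
                  max_skew=300, now=None) -> bool:
    """Accept an openid only if its timestamp is fresh (assumed five-minute window)
    and the MAC matches, compared in constant time to avoid a timing side channel."""
    current = now if now is not None else time.time()
    if abs(current - int(timestamp)) > max_skew:
        return False
    expected = openid_signature(openid, timestamp, consumer_secret)
    return hmac.compare_digest(expected, received_signature)


if __name__ == "__main__":
    # Constructed sample: request-token call from the first table, with placeholder credentials.
    req = signed_params("GET", "http://openapi.qzone.qq.com/oauth/qzoneoauth_request_token",
                        {}, "APPID_PLACEHOLDER", "CONSUMER_SECRET_PLACEHOLDER")
    print(req["oauth_signature"])
```

The base-string and signing functions are generic OAuth 1.0 and can be checked against the well-known test vector from the OAuth Core 1.0 specification's appendix; only `openid_signature` and `verify_openid` are specific to the QQ rule given in the table.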
Note: in the original figures the four request URLs are marked blue, required parameters red and optional parameters green; here every parameter is required unless marked optional. That is the complete set of QQ OAuth 1.0 request URLs, parameters and return values. You will find that OAuth 1.0 has a particularly large number of parameters and requires HMAC-SHA1 signing and similar operations, which is troublesome and cumbersome, so above all I recommend developing against the OAuth 2.0 authentication interface.

5. The OAuth 2.0 authentication flow

The OAuth 2.0 flow is divided into the following four steps:
1. obtain the authorization code (CODE);
2. obtain the access token;
3. with the access token, obtain the OpenID;
4. with the access token and the OpenID, call the API to obtain the authorized user's information.

Those are roughly the four steps. The flowchart below (a slide from my OAuth deck; the slides will be attached at the end for everyone to share) reflects them, and I explain it directly:
[Figure oauth2.0_developer_pic: OAuth 2.0 flowchart]

Step 1: redirect the user straight to the address shown in the figure as the Request User URL; the user is prompted to log in and to authorize access to their resources, and only an authorization code is returned. Note that, for safety, the code is valid for only 10 minutes. Compared with OAuth 1.0 this saves the temporary-token step and adds a validity limit, which simplifies things considerably relative to 1.0 and is safer.
Step 2: with the authorization code, request the access token via the request access URL shown in the figure; this yields the data token.
Step 3: with the Access Token, request the OpenID via the info URL shown in the figure; the OpenID uniquely identifies the user on this platform.
Step 4: with the data token from step 2 and the OpenID from step 3, call the related API to obtain the authorized user's resources.

(I like it concise; that is the OAuth 2.0 flow. I believe the figure and explanation make it understandable; if not, please leave a message.)

Slides: Download (originally published at http://blog.unvs.cn)
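Steps 1 and 2 of the OAuth 2.0 flow above are the client side of the authorization-code grant. The following Python is an added example written for this page, not code from the original post or from any platform; the endpoint addresses are placeholders because the post names the steps but not their URLs. It goes a little beyond the post in one respect: it binds each login attempt to a random `state` value and accepts each state only once, so a forged or replayed callback is rejected, and it enforces the 10-minute code validity the post mentions on the client side as well. The token exchange itself is returned as a parameter set rather than sent, so the example runs offline.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumed): the post calls these "request user url" and "request access url".
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/authorize"
TOKEN_URL = "https://auth.example.invalid/oauth2/token"
CODE_LIFETIME = 10 * 60  # the post states the authorization code is valid for 10 minutes


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, or '' if it is absent."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


class AuthCodeClient:
    """Client side of steps 1 and 2 of the OAuth 2.0 flow described in the post."""

    def __init__(self, client_id, client_secret, redirect_uri, clock=time.time):
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        self.clock = clock            # injectable for testing
        self._pending = {}            # state -> time the login was started

    def start_login(self) -> str:
        """Step 1: build the redirect to the authorization page, bound to a fresh state."""
        state = secrets.token_urlsafe(16)
        self._pending[state] = self.clock()
        query = urlencode({
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "state": state,
        })
        return f"{AUTHORIZE_URL}?{query}"

    def handle_callback(self, callback_url: str) -> dict:
        """Step 2: validate the callback, then return the request to send to TOKEN_URL."""
        state = query_param(callback_url, "state")
        code = query_param(callback_url, "code")
        started = self._pending.pop(state, None)   # pop: each state is accepted exactly once
        if started is None:
            raise ValueError("unknown or already-used state: callback not bound to a login we started")
        if self.clock() - started > CODE_LIFETIME:
            raise ValueError("login started more than 10 minutes ago; the code has expired")
        if not code:
            raise ValueError("callback carries no authorization code")
        return {
            "url": TOKEN_URL,
            "grant_type": "authorization_code",
            "code": code,
            "client_id": self.client_id,
            "client_secret": self.client_secret,  # sent server-to-server only, never to the browser
            "redirect_uri": self.redirect_uri,
        }


if __name__ == "__main__":
    # Constructed walk-through with placeholder credentials.
    client = AuthCodeClient("APPID_PLACEHOLDER", "SECRET_PLACEHOLDER", "https://site.example.invalid/cb")
    login_url = client.start_login()
    state = query_param(login_url, "state")
    print(client.handle_callback(f"https://site.example.invalid/cb?code=CODE_SAMPLE&state={state}"))
```

The token request is built but not sent; a real client would POST it to the token endpoint over TLS and then continue with steps 3 and 4 using the returned access token.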

Reproduced from: https://my.oschina.net/766/blog/210863

Origin: blog.csdn.net/weixin_33937778/article/details/91547698