OAuth2 process:
- The application requests a token from the OAuth2 server (in exchange for credentials)
- The token is carried in the header of each request to the service
- The service reads the token from the request, validates it with the OAuth2 server, and obtains the user information
- The application verifies the user's rights
JWT (JSON Web Token)
- Self-contained (the token can be verified without a request to the OAuth2 server)
- Extensible (the token may include extended information)
OAuth2 grant types:
- Password grant
- Client credentials grant
- Authorization code grant
- Implicit grant
Authorization code grant process (third-party login: the user logs in to A with B):
- The user accesses A, and A redirects the user to B's login page
- The user logs in to B, and B requests an authorization code from the OAuth server
- B redirects the user to A's callback address (carrying the authorization code)
- A sends the authorization code to the OAuth server for verification
- The OAuth server returns a token to A