OAuth 2.0 authorization code grant

Reference: http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html

The scenario below uses logging in to CSDN with a WeChat account as an example.

In the authorization code grant, a third-party application first requests an authorization code and then uses that code to obtain a token.

This is the most commonly used flow and the most secure one, and it suits web applications that have a back end. The authorization code is passed through the front end, while the token is stored on the back end, and all communication with the resource server is done by the back end. Separating the front end and back end this way keeps the token from leaking.

Step 1: the CSDN site provides a link. When the user clicks it, they are sent to the WeChat site, where they authorize the CSDN site to use their WeChat data. Below is a schematic of the link from the CSDN site to the WeChat site.

https://wechat.com/oauth/authorize?
  response_type=code&
  client_id=CLIENT_ID&
  redirect_uri=CALLBACK_URL&
  scope=read

Step 2: after the redirect, the WeChat site asks the user to log in and then asks whether they agree to grant authorization to the CSDN site. If the user agrees, the WeChat site redirects back to the URL specified by the redirect_uri parameter, returning an authorization code with the redirect, as shown below.

https://csdn.com/callback?code=AUTHORIZATION_CODE

Step 3: once the CSDN site has the authorization code, it can request a token from the WeChat site from its back end.

https://wechat.com/oauth/token?
 client_id=CLIENT_ID&
 client_secret=CLIENT_SECRET&
 grant_type=authorization_code&
 code=AUTHORIZATION_CODE&
 redirect_uri=CALLBACK_URL

Step 4: after receiving the request, the WeChat site issues a token. Specifically, it sends a block of JSON data to the URL specified by redirect_uri.

{
  "access_token":"ACCESS_TOKEN",
  "token_type":"bearer",
  "expires_in":2592000,
  "refresh_token":"REFRESH_TOKEN",
  "scope":"read",
  "uid":100101,
  "info":{...}
}
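
The client side of steps 1 to 3, as an added example that is not code from the original post or from CSDN or WeChat. It goes beyond the schematic URLs in two labelled ways: it adds the standard OAuth 2.0 state parameter so the callback is accepted only for the session that started the flow, and it sends client_secret in a POST form body, as RFC 6749 requires for the token endpoint, rather than in the query string. The session argument is assumed to be a dict-like server-side session, and all hosts and client values are the page's placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder endpoints and client values taken from the page's schematic URLs.
AUTHORIZE_URL = "https://wechat.com/oauth/authorize"
TOKEN_URL = "https://wechat.com/oauth/token"
CLIENT_ID = "CLIENT_ID"
CLIENT_SECRET = "CLIENT_SECRET"
CALLBACK_URL = "https://csdn.com/callback"


def build_authorize_url(session):
    """Step 1: the link the user clicks; a random state is bound to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # assumption: not on the page
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": "read",
        "state": session["oauth_state"],
    })


def handle_callback(session, callback_url):
    """Step 2: accept the code only if state matches this session, and only once."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    got = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]


def build_token_request(code):
    """Step 3: back-end request; the secret travels in the body, never in a URL."""
    body = urlencode({
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body
```

The returned URL, headers and body can be passed to any HTTP client as a POST; the JSON from step 4 then stays on the back end.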

Origin blog.csdn.net/m178643/article/details/103321229