当前位置：网站首页>The fuse: OAuth 2.0 four authorized login methods must read

The fuse: OAuth 2.0 four authorized login methods must read

2022-08-05 10:17:00 【InfoQ】

Author: Knowledge Talk, CSDN Contract Lecturer, HUAWEI Cloud Cloud Sharing Expert, Aliyun Community Star Blogger
Specialties: Full Stack Engineer, Crawler, ACM Algorithm
Official Account: Knowledge Talk
Contact vx: zsqtcc

Foreword:

About authorized login includes three terminals, resource owner (user), resource server (website storing user resources), pageThird-party website.

OAuth is a layer used to separate users and third-party websites. After the user agrees, the resource server can issue tokens to the third-party websites, and the firstThe third-party website can access the information of the resource server corresponding to the user through this token.

Four ways of OAuth2.0 authorization

Premise: No matter which way, the third-party website needs to register with the resource server in advanceIdentity, get the corresponding appid and secret, in order to prevent the token from being used indiscriminately.

authorization-code

First, the third-party website carries the appid, secrect and redirect_url to the resource server to get the QR code for login

Pass the confirmation notification to the resource server after the user scans the code

The resource server returns according to the redirect_url in the first step
authorization-code
and the login success status

After the third party obtains the authorization-code, it will bring its own previously registered appid, secrect and authorization-code to the resource server to obtain the token

Then the third-party website can go to the resource server to obtain the user information according to the token, and then it can wake up the follow-up operation.

Hidden (implicit)

The step of obtaining the authorization code is omitted, and the token obtained directly is suitable for websites without a backend(unsafe)

The third-party website carries the appid, secrect and redirect_url to the resource server to obtain the login QR code

After the user scans the code, the confirmation notification is sent to the resource server

The resource server follows the firstThe redirect_url of the step returns
token
and the successful login status

and then the third-party website according to the tokenGo to the resource server to get the user information and you can do the follow-up operations

password

ported by the third-party websiteUsername and password go to the resource server to get the token

Then the third-party website can go to the resource server to obtain the user information according to the token, and then follow-up operations can be done

client credentials (client credentials)

It is suitable for command line applications without front end, that is, requesting tokens on the command line, whichThis kind of token is not for users, that is, it is possible for multiple users to share the same token.