当前位置:网站首页>The fuse: OAuth 2.0 four authorized login methods must read

The fuse: OAuth 2.0 four authorized login methods must read

2022-08-05 10:17:00 InfoQ

Author: Knowledge Talk, CSDN Contract Lecturer, HUAWEI Cloud Cloud Sharing Expert, Aliyun Community Star Blogger
Specialties: Full Stack Engineer, Crawler, ACM Algorithm
Official Account: Knowledge Talk
Contact vx: zsqtcc

Foreword:

  • About authorized login includes three terminals, resource owner (user), resource server (website storing user resources), pageThird-party website.
  • OAuth is a layer used to separate users and third-party websites. After the user agrees, the resource server can issue tokens to the third-party websites, and the firstThe third-party website can access the information of the resource server corresponding to the user through this token.

Four ways of OAuth2.0 authorization

Premise: No matter which way, the third-party website needs to register with the resource server in advanceIdentity, get the corresponding appid and secret, in order to prevent the token from being used indiscriminately.

authorization-code

  • First, the third-party website carries the appid, secrect and redirect_url to the resource server to get the QR code for login
  • Pass the confirmation notification to the resource server after the user scans the code
  • The resource server returns according to the redirect_url in the first step
    authorization-code
    and the login success status
  • After the third party obtains the authorization-code, it will bring its own previously registered appid, secrect and authorization-code to the resource server to obtain the token
  • Then the third-party website can go to the resource server to obtain the user information according to the token, and then it can wake up the follow-up operation.

Hidden (implicit)

The step of obtaining the authorization code is omitted, and the token obtained directly is suitable for websites without a backend(unsafe)

  • The third-party website carries the appid, secrect and redirect_url to the resource server to obtain the login QR code
  • After the user scans the code, the confirmation notification is sent to the resource server
  • The resource server follows the firstThe redirect_url of the step returns
    token
    and the successful login status
  • and then the third-party website according to the tokenGo to the resource server to get the user information and you can do the follow-up operations

password

  • ported by the third-party websiteUsername and password go to the resource server to get the token
  • Then the third-party website can go to the resource server to obtain the user information according to the token, and then follow-up operations can be done

client credentials (client credentials)

It is suitable for command line applications without front end, that is, requesting tokens on the command line, whichThis kind of token is not for users, that is, it is possible for multiple users to share the same token.

  • Get the token from the resource server by carrying the appid and secrect on the command line
  • Then the command line goes to the resource server to obtain user information according to the token, and then the follow-up operations can be done

Summary

Master these fourThe idea of ​​authorized login is much simpler when doing authorized login in the future.
原网站

版权声明
本文为[InfoQ]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/217/202208051009152196.html

边栏推荐

猜你喜欢

随机推荐