OAuth Study Notes (1)
2012-03-15 15:09
I. Overview

OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections. (Note: the redirection step is the client sending the user agent to the server's authorization URL, carrying the temporary credentials identifier obtained in the preceding request.)

In order for the client to access resources, it first has to obtain permission from the resource owner. This permission is expressed in the form of a token and matching shared secret. The purpose of the token (oauth_token) is to make it unnecessary for the resource owner to share its credentials with the client. Unlike the resource owner credentials, tokens can be issued with a restricted scope and limited lifetime, and revoked independently.

This specification consists of two parts. The first part defines a redirection-based user-agent process for end-users to authorize client access to their resources, by authenticating directly with the server (the server itself checks the user's credentials; the client never handles them) and provisioning tokens to the client for use with the authentication method. The second part defines a method for making authenticated HTTP [RFC2616] requests using two sets of credentials, one (the client credentials) identifying the client making the request, and a second (the token credentials) identifying the resource owner on whose behalf the request is being made.
II. Terminology

Client (the third-party application)
An HTTP client (per [RFC2616]) capable of making OAuth-authenticated requests (Section 3 of the specification).

Server (the service provider)
An HTTP server (per [RFC2616]) capable of accepting OAuth-authenticated requests (Section 3).

Protected resource
An access-restricted resource that can be obtained from the server using an OAuth-authenticated request (Section 3).

Resource owner (the user)
An entity capable of accessing and controlling protected resources by using credentials to authenticate with the server.

Credentials (an identifier plus a shared secret, used to identify and authenticate a party; not a certificate)
Credentials are a pair of a unique identifier and a matching shared secret. OAuth defines three classes of credentials: client, temporary, and token, used to identify and authenticate the client making the request, the authorization request, and the access grant, respectively.

Token
A unique identifier issued by the server and used by the client to associate authenticated requests with the resource owner whose authorization is requested or has been obtained by the client. Tokens have a matching shared secret that is used by the client to establish its ownership of the token, and its authority to represent the resource owner.
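The overview's "two sets of credentials" and the Token definition's "matching shared secret used by the client to establish its ownership" meet in the HMAC-SHA1 signing method of RFC 5849 section 3.4: the client proves possession of both the client secret and the token secret by signing each request with a key built from the two. The Python below is an added worked example, not code from the original post. The request, the two secrets and the expected signature base string are the ones printed in RFC 5849 section 3.4.1.1; the server-side verify_signature() and the tampered-body check are my additions for illustration. The example asserts only on the base string the RFC spells out and on its own round-trip verification, not on a copied signature value.

```python
"""OAuth 1.0 HMAC-SHA1 request signing and verification (RFC 5849 section 3.4).

Added example, not code from the original post.  Request, secrets and the
expected base string come from RFC 5849 section 3.4.1.1; verify_signature()
and the tamper check are additions for illustration.
"""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def percent_encode(value: str) -> str:
    """RFC 5849 3.6: only ALPHA / DIGIT / '-' / '.' / '_' / '~' stay literal;
    everything else becomes %XX (uppercase hex) over the UTF-8 bytes."""
    return quote(value, safe="")


def base_string_uri(url: str) -> str:
    """RFC 5849 3.4.1.2: lowercase scheme and host, drop the default port,
    drop query string and fragment."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname.lower(), parts.port
    default = {"http": 80, "https": 443}.get(scheme)
    authority = host if port in (None, default) else f"{host}:{port}"
    return f"{scheme}://{authority}{parts.path}"


def collect_parameters(url: str, body: str, oauth_params: dict) -> list:
    """RFC 5849 3.4.1.3.1: query string + form-encoded body + oauth_* header
    parameters, excluding realm and oauth_signature itself."""
    params = list(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    params += parse_qsl(body or "", keep_blank_values=True)
    params += [(k, v) for k, v in oauth_params.items()
               if k not in ("realm", "oauth_signature")]
    return params


def normalize_parameters(params: list) -> str:
    """RFC 5849 3.4.1.3.2: encode names and values, sort by name then value,
    join as name=value pairs with '&'."""
    encoded = sorted((percent_encode(k), percent_encode(v)) for k, v in params)
    return "&".join(f"{k}={v}" for k, v in encoded)


def signature_base_string(method: str, url: str, body: str, oauth_params: dict) -> str:
    """RFC 5849 3.4.1.1: METHOD & encode(base URI) & encode(normalized params)."""
    return "&".join([
        method.upper(),
        percent_encode(base_string_uri(url)),
        percent_encode(normalize_parameters(collect_parameters(url, body, oauth_params))),
    ])


def hmac_sha1_signature(base_string: str, client_secret: str, token_secret: str = "") -> str:
    """RFC 5849 3.4.2: key = encode(client secret) '&' encode(token secret).
    For the temporary-credentials request there is no token yet, so the
    token secret is empty and the key simply ends in '&'."""
    key = f"{percent_encode(client_secret)}&{percent_encode(token_secret)}".encode("ascii")
    mac = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def sign_request(method, url, body, oauth_params, client_secret, token_secret="") -> dict:
    """Client side: return the oauth_* parameters with oauth_signature added."""
    base = signature_base_string(method, url, body, oauth_params)
    signed = dict(oauth_params)
    signed["oauth_signature"] = hmac_sha1_signature(base, client_secret, token_secret)
    return signed


def verify_signature(method, url, body, oauth_params, client_secret, token_secret="") -> bool:
    """Server side: the server looks up both secrets by oauth_consumer_key and
    oauth_token, recomputes the signature and compares in constant time.
    A real server must also reject replayed oauth_nonce values and stale
    oauth_timestamp values (RFC 5849 3.3); that bookkeeping is omitted here."""
    base = signature_base_string(method, url, body, oauth_params)
    expected = hmac_sha1_signature(base, client_secret, token_secret)
    received = oauth_params.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


# Worked example: request, secrets and base string from RFC 5849 section 3.4.1.1.
RFC_METHOD = "POST"
RFC_URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
RFC_BODY = "c2&a3=2+q"   # sent as application/x-www-form-urlencoded
RFC_OAUTH_PARAMS = {
    "realm": "Example",                         # not part of the signature
    "oauth_consumer_key": "9djdj82h48djs9d2",   # client credentials identifier
    "oauth_token": "kkk9d7dh3k39sjv7",          # token credentials identifier
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "137131201",
    "oauth_nonce": "7d8f3e4a",
}
RFC_CLIENT_SECRET = "j49sk3j29djd"
RFC_TOKEN_SECRET = "dh893hdasih9"
RFC_BASE_STRING = (
    "POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q%26a3%3Da"
    "%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_key%3D9djdj82h48djs9d2"
    "%26oauth_nonce%3D7d8f3e4a%26oauth_signature_method%3DHMAC-SHA1"
    "%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk9d7dh3k39sjv7"
)

if __name__ == "__main__":
    signed = sign_request(RFC_METHOD, RFC_URL, RFC_BODY, RFC_OAUTH_PARAMS,
                          RFC_CLIENT_SECRET, RFC_TOKEN_SECRET)
    print("oauth_signature =", signed["oauth_signature"])
    print("verifies:", verify_signature(RFC_METHOD, RFC_URL, RFC_BODY, signed,
                                        RFC_CLIENT_SECRET, RFC_TOKEN_SECRET))
```

Two points the code makes that the prose only implies: the token secret never travels on the wire (only oauth_token does), so possession of the token secret is what turns the bare identifier into authority to act for the resource owner; and because the body and query parameters are part of the base string, changing any of them after signing invalidates the request, which is why the server-side check must recompute over exactly what it received.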
Legacy terminology:
The original community specification used a somewhat different terminology that maps to this specification as follows (original community terms on the left):
Consumer: client
Service Provider: server
User: resource owner
Consumer Key and Secret: client credentials
Request Token and Secret: temporary credentials
Access Token and Secret: token credentials
III. Authentication flow diagram