What is oAuth? #2

Open
kaneruan opened this issue Feb 4, 2016 · 8 comments
kaneruan commented Feb 4, 2016

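The OAUTH protocol provides a secure, open, and simple standard for authorizing access to user resources. Unlike earlier authorization methods, OAUTH authorization does not let the third party touch the user's account information (such as the username and password); that is, the third party can request authorization to the user's resources without using the user's username and password. OAUTH is therefore secure.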

kaneruan commented Feb 4, 2016

oAuth is short for **_Open Authorization_**.

kaneruan commented Feb 4, 2016

What is the oAuth authentication and authorization flow?

kaneruan commented Feb 4, 2016

It is divided into three steps:

  • Obtain an unauthorized Request Token
  • Obtain the user-authorized Request Token
  • Exchange the authorized Request Token for an Access Token

kaneruan commented Feb 4, 2016

What are the request token and the access token?

kaneruan commented Feb 4, 2016

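Three URLs

  • Request Token URL: the service address for obtaining an unauthorized Request Token;
  • User Authorization URL: the service address for obtaining the user-authorized Request Token;
  • Access Token URL: the service address for exchanging the authorized Request Token for an Access Token;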
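
Added example, not part of the original thread or of any project's code: a toy in-memory provider and third party walking through the three steps and three URLs listed above. The class and function names, the sample user, and the in-memory token store are assumptions for illustration, and request signing is left out.

```python
import secrets

class Provider:
    """Toy service provider (hypothetical); methods mirror the three URLs."""
    def __init__(self, users):
        self.users = users            # username -> password, known only to the provider
        self.request_tokens = {}      # request token -> approving user (None = unauthorized)
        self.access_tokens = {}       # access token -> user

    def request_token_url(self):
        # Step 1: issue an unauthorized Request Token.
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = None
        return token

    def user_authorization_url(self, token, username, password):
        # Step 2: the user logs in at the provider itself and approves the token.
        if token not in self.request_tokens or self.users.get(username) != password:
            return False
        self.request_tokens[token] = username
        return True

    def access_token_url(self, token):
        # Step 3: only an authorized Request Token can be exchanged, and only once.
        user = self.request_tokens.get(token)
        if user is None:
            raise PermissionError("request token unknown, unauthorized or already used")
        del self.request_tokens[token]
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = user
        return access

    def resource(self, access):
        if access not in self.access_tokens:
            raise PermissionError("invalid access token")
        return f"profile of {self.access_tokens[access]}"


def third_party_flow(provider, user_approves):
    """The third party's side; user_approves stands in for the browser redirect."""
    seen = []                                   # everything the third party ever holds
    request_token = provider.request_token_url()
    seen.append(request_token)
    user_approves(request_token)                # credentials go user -> provider only
    access_token = provider.access_token_url(request_token)
    seen.append(access_token)
    return provider.resource(access_token), seen
```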

kaneruan commented Feb 4, 2016

The account management credential (AccessToken, likewise below) itself has a validity period, usually 3600 seconds (1 hour).

kaneruan commented Feb 4, 2016

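There are two solutions:

  • Reapply for authorization using the username and password;
  • Reapply for authorization using the RefreshToken obtained during authorization, which is the method this document describes.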

kaneruan commented Feb 4, 2016

For details, see "Refreshing the account management credential".
