1. Roles
Resource Owner: the owner of the protected resource
Resource Server: the server that hosts the protected resource
Client: the client application
Authorization Server: the server that issues access tokens
2. General flow
```
     +--------+                               +---------------+
     |        |--(A)- Authorization Request ->|   Resource    |
     |        |                               |     Owner     |
     |        |<-(B)-- Authorization Grant ---|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(C)-- Authorization Grant -->| Authorization |
     | Client |                               |     Server    |
     |        |<-(D)----- Access Token -------|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(E)----- Access Token ------>|    Resource   |
     |        |                               |     Server    |
     |        |<-(F)--- Protected Resource ---|               |
     +--------+                               +---------------+
```
3. Specific implementation methods
3.1 Authorization code grant
The authorization code grant type is a secure way to obtain an access token and a refresh token. The client redirects the user to the authorization server, where the user can grant the client permission to access their resources. The authorization server then sends an authorization code back to the client, which the client exchanges for an access token. The access token can then be used to access the user's resources.
```
     +----------+
     | Resource |
     |   Owner  |
     |          |
     +----------+
          ^
          |
         (B)
     +----|-----+          Client Identifier      +---------------+
     |         -+----(A)-- & Redirection URI ---->|               |
     |  User-   |                                 | Authorization |
     |  Agent  -+----(B)-- User authenticates --->|     Server    |
     |          |                                 |               |
     |         -+----(C)-- Authorization Code ---<|               |
     +-|----|---+                                 +---------------+
       |    |                                         ^      v
      (A)  (C)                                        |      |
       |    |                                         |      |
       ^    v                                         |      |
     +---------+                                      |      |
     |         |>---(D)-- Authorization Code ---------'      |
     |  Client |          & Redirection URI                  |
     |         |                                             |
     |         |<---(E)----- Access Token -------------------'
     +---------+       (w/ Optional Refresh Token)
```
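Steps (A) to (E) of the diagram as a small in-memory walk-through in Python, added here as an example and not code from the original notes; the client id, secret and redirection URI are constructed placeholders, and the `state` parameter is the standard OAuth 2.0 CSRF binding that the notes do not mention. It shows the authorization server binding the code to the client and redirection URI and consuming it on first use, and the client checking `state` on the callback before exchanging the code.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed client registration (placeholder values, not from the notes).
CLIENTS = {"app123": {"secret": "s3cret", "redirect_uri": "https://client.example/cb"}}

class AuthorizationServer:
    """In-memory authorization server implementing the authorization code grant."""
    def __init__(self):
        self.codes = {}  # code -> (client_id, redirect_uri); each code is single-use

    def authorize(self, client_id, redirect_uri, state):
        # Steps (A)-(C): the user-agent arrives with the client identifier and
        # redirection URI; after the user authenticates and consents, the server
        # redirects back with the code (and the client's state) in the query.
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        # Steps (D)-(E): the client itself presents the code over a back channel.
        # The code must belong to this client and the same redirection URI, and
        # it is consumed on first use so a replayed code yields no token.
        client = CLIENTS.get(client_id)
        if client is None or client["secret"] != client_secret:
            raise PermissionError("invalid_client")
        if self.codes.pop(code, None) != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "refresh_token": secrets.token_urlsafe(32)}

def parse_callback(url):
    """Return the query parameters of the redirect back to the client."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def run_flow(server, client_id="app123"):
    """Client side of the flow; returns the token response from step (E)."""
    client = CLIENTS[client_id]
    state = secrets.token_urlsafe(16)  # ties the callback to this request (CSRF check)
    callback = server.authorize(client_id, client["redirect_uri"], state)
    params = parse_callback(callback)
    if params.get("state") != state:
        raise PermissionError("state mismatch: callback does not belong to our request")
    return server.token(client_id, client["secret"], params["code"], client["redirect_uri"])
```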