OAuth authentication and authorization
1. What is the OAuth protocol
OAuth (Open Authorization) is an open standard.
It allows third-party websites to access information that users store with a service provider, provided the user authorizes it.
This authorization does not require the user to provide the user name and password to the third-party website.
OAuth allows users to provide a token to a third-party website. A token corresponds to a specific third-party website, and the token can only access specific resources within a specific time.
2. The principle and authorization process of OAuth
The three parties involved in the authentication and authorization process of OAuth include:
Service provider: The service that users rely on to store messages, photos, videos, contacts, files, etc. (such as Twitter, Sina Weibo, etc.).
User: User of the service provider
Third party: Usually a website that wants to access the user's information stored with the service provider.
For example, a website that provides photo printing services, where users want to print their online photo albums stored with the service provider.
Before the authentication process, the third party needs to apply to the service provider for the unique identifier of the third-party service.
The OAuth authentication and authorization process is as follows:
1. The user visits a third-party website and wants to operate on certain resources that the user has stored with the service provider.
2. The third-party website requests a temporary token from the service provider.
3. After the service provider verifies the identity of the third-party website, it grants a temporary token.
4. After the third-party website obtains the temporary token, it will direct the user to the service provider's authorization page to request user authorization. In the process, the temporary token and the return address of the third-party website will be sent to the service provider.
5. The user enters his or her username and password on the service provider's authorization page to authorize the third-party website to access the corresponding resources.
6. After the authorization is successful, the service provider will direct the user to the return address of the third-party website.
7. The third-party website obtains the access token from the service provider based on the temporary token.
8. The service provider grants the third-party website an access token based on the temporary token and the user's authorization.
9. The third-party website uses the obtained access token to access the corresponding user resources stored in the service provider.
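The nine steps above, simulated in memory as an added example (not code from the original article). The class and method names, the check of the return address against a registered value, and the per-request client secret are assumptions made for illustration; request signing is left out.

```python
import secrets
import time


class ServiceProvider:
    """In-memory stand-in for the service provider (hypothetical names throughout)."""

    def __init__(self, clients, resources, ttl=3600):
        self.clients = clients      # client_id -> (secret, registered return address)
        self.resources = resources  # user -> {scope: data}
        self.ttl = ttl              # access token lifetime in seconds
        self.temp, self.access = {}, {}

    def _client(self, client_id, secret):
        known = self.clients.get(client_id)
        if known is None or not secrets.compare_digest(known[0], secret):
            raise PermissionError("unknown third party")
        return known

    def temporary_token(self, client_id, secret):                     # steps 2-3
        self._client(client_id, secret)
        token = secrets.token_urlsafe(16)
        self.temp[token] = {"client": client_id, "user": None, "scope": None}
        return token

    def authorize(self, temp_token, return_to, user, scope):          # steps 4-6
        state = self.temp[temp_token]
        if return_to != self.clients[state["client"]][1]:
            raise PermissionError("return address not registered")
        state["user"], state["scope"] = user, scope                   # user consented
        return return_to

    def access_token(self, client_id, secret, temp_token, now=None):  # steps 7-8
        self._client(client_id, secret)
        state = self.temp.pop(temp_token, None)                       # single use
        if not state or state["client"] != client_id or state["user"] is None:
            raise PermissionError("temporary token not usable by this third party")
        token = secrets.token_urlsafe(16)
        expires = (time.time() if now is None else now) + self.ttl
        self.access[token] = dict(state, expires=expires)
        return token

    def resource(self, client_id, secret, token, scope, now=None):    # step 9
        self._client(client_id, secret)
        grant = self.access.get(token)
        now = time.time() if now is None else now
        if not grant or grant["client"] != client_id or now >= grant["expires"]:
            raise PermissionError("access token invalid or expired")
        if scope != grant["scope"]:
            raise PermissionError("outside the granted scope")
        return self.resources[grant["user"]][scope]
```

The access token is bound to one third party, one scope and a lifetime, which is the property described in section 1; the temporary token is consumed on its first exchange attempt.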
3. What are the websites that currently support OAuth?
t.sina.com.cn
t.qq.com
t.sohu.com
t.163.com
www.douban.com
www.twitter.com
www.facebook.com
Google Buzz
Spring Boot encapsulates the OAuth2 protocol. Two of its interfaces are commonly used.
1. Get token
Interface: /oauth/token?
Parameters: (grant_type is hard-coded; the other two are customized)
grant_type=password
username=development@cybergate-tech.com
password=oQd-BfT-cer-7LP
Full sample: http://localhost:9000/oauth/token?grant_type=password&username=development@cybergate-tech.com&password=oQd-BfT-cer-7LP
Return result example:
{ "access_token": "beeaa54e-8391-4de0-8ba6-ce145b3fb812", "token_type": "bearer", "refresh_token": "8129769a-d804-46c7-856a-3bacd409b650", "expires_in": 3599, "scope": "read write" }
2. Refresh token
Interface: http://localhost:9000/oauth/token?
Parameters: (refresh_token is the value returned by step 1; the other parameters are hard-coded)
client_id=dashboard
client_secret=secret
grant_type=refresh_token
refresh_token=43dca105-627e-4f50-86e8-0c22c2f3abe9
Full sample: http://localhost:9000/oauth/token?client_id=dashboard&client_secret=secret&grant_type=refresh_token&refresh_token=43dca105-627e-4f50-86e8-0c22c2f3abe9
Return result example:
{ "access_token": "0135c92b-12ab-4af9-88f4-97ef85115e71", "token_type": "bearer", "refresh_token": "75d209b5-a30d-43a8-abcd-850e7fb62e76", "expires_in": 3599, "scope": "read write" }
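A client-side sketch for the two interfaces above, added here as an example and not taken from the original article or from Spring. It assumes the endpoint accepts a form-encoded POST, as RFC 6749 specifies for the token endpoint, so the username, password and client secret travel in the request body instead of the URL; the function names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass

TOKEN_URL = "http://localhost:9000/oauth/token"  # endpoint from the article


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_at: float
    scope: str


def token_request(params):
    """Build a POST whose parameters travel in the form body, not the URL."""
    body = urllib.parse.urlencode(params).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def password_grant(username, password):
    return token_request({"grant_type": "password", "username": username, "password": password})


def refresh_grant(client_id, client_secret, tokens):
    return token_request({"client_id": client_id, "client_secret": client_secret,
                          "grant_type": "refresh_token", "refresh_token": tokens.refresh_token})


def parse_token_response(text, now=None, previous=None):
    """Validate the JSON reply and turn expires_in into an absolute deadline."""
    data = json.loads(text)
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # The article's refresh reply carries a new refresh_token; keep the old one only if none is sent.
    refresh = data.get("refresh_token") or (previous.refresh_token if previous else "")
    return TokenSet(data["access_token"], refresh, now + int(data["expires_in"]), data.get("scope", ""))


def needs_refresh(tokens, now=None, skew=60):
    """True once the access token is within `skew` seconds of expiry."""
    return (time.time() if now is None else now) >= tokens.expires_at - skew
```

Pass the returned `Request` to `urllib.request.urlopen` to send it, and always store the `TokenSet` from the latest reply, since the refresh token changes between the two sample responses.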
The above is the detailed content of oAuth authentication and authorization. For more information, please follow other related articles on the PHP Chinese website!
