OAuth (Open Authorization) is an open standard protocol that lets a user grant a third party access to their information without giving that third party their account name and password. For a fuller introduction to the protocol, see RFC 6749.
Let’s start with a brief explanation of the most classic mode under this protocol, the Authorization Code grant.
There are four roles in total:
Resource Owner: the owner of the resource, that is, the user.
User-Agent: the browser the user accesses the application with.
Client: the third-party service.
Authorization Server: the authentication server, which can be understood as the provider of the user’s resources.
The calling process is then:
a. The user accesses the Client (third-party service) through the browser. The Client constructs an OAuth2 link (its parameters include the identifier of the current third-party service and the redirect URI) and directs the user to the authorization page of the authentication server.
b. On that page the user chooses whether to agree to the authorization.
c. If the user agrees, the authentication server redirects the user back to the redirect URI given in step a and appends an authorization code (code).
d. The third-party service receives the authorization code and sends it, together with the redirect URI the code was delivered to, to the authentication server to request a credential.
e. The authentication server checks that the authorization code and the redirect URI are valid and, if they are, issues an access_token (the credential used for API calls).
Steps d and e (the code exchange and token issuance) are both executed server-to-server and do not pass through the browser.
1. Constructing the authorization login link
First, when a user accesses the application, the front end calls the server’s interface. The server detects that the user is not logged in and at this point constructs an authorization link.
$redirect_uri = 'https://test.xx.com/index';
// redirect_uri is URL-encoded so that any '?' or '&' inside it does not break the query string
$this->goUrl('https://auth.xx.com/connect/oauth2/authorize?appid=xxx&redirect_uri=' . urlencode($redirect_uri));
The server returns the link to the front end, and the front end jumps directly to it. https://auth.xx.com/connect/oauth2/authorize then displays a page asking whether the user agrees to the authorization. When the user clicks Authorize, the authentication server redirects straight to redirect_uri, carrying a code parameter. When the server receives this code parameter, it uses it to obtain an access_token from the authentication server.
$code = $_GET['code'];
// The token endpoint URL is missing from the original text; TOKEN_ENDPOINT_PLACEHOLDER stands in for it.
// The redirect_uri sent here must be the same value used when the link was built.
// file_get_contents() returns the raw response body, so it is JSON-decoded before being indexed.
$res = json_decode(file_get_contents('https://auth.xx.com/TOKEN_ENDPOINT_PLACEHOLDER?appid=xxx&code=' . urlencode($code) . '&redirect_uri=' . urlencode($redirect_uri)), true);
$access_token = $res['access_token'];
The server then uses this access_token to fetch the user’s information from the authentication server.
// As above, the JSON body has to be decoded before its fields can be read
$res = json_decode(file_get_contents('https://auth.xx.com/user_info?token=' . urlencode($access_token)), true);
$uid = $res['uid'];
$name = $res['name'];
User information obtained through this protocol can be cached to avoid putting excessive load on the authentication server.
The third party can design its own cookie scheme for storing user information so that it does not have to keep requesting the authentication server.
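The whole flow above (the three PHP steps plus the caching note) assembled into one runnable page, as an added example; this is not the article’s code. It reuses the appid `xxx` and the authorize and user_info URLs from the article, keeps the cached identity in the server-side session rather than in a cookie the browser could edit, and assumes two values the article does not give: the token endpoint path (left as a placeholder) and a client secret (a placeholder; RFC 6749 has confidential clients send one). It also adds a random `state` parameter, which the article omits, so the callback can reject redirects that did not start in this browser session.

```php
<?php
// Added example, not the article's own code. Endpoint hosts, appid and the secret are
// assumptions/placeholders; the token endpoint path is not given in the article.
const APP_ID        = 'xxx';                         // assumed client identifier
const APP_SECRET    = 'REPLACE_WITH_CLIENT_SECRET';   // placeholder, not in the article
const REDIRECT_URI  = 'https://test.xx.com/index';   // must match the registered value
const AUTHORIZE_URL = 'https://auth.xx.com/connect/oauth2/authorize';
const TOKEN_URL     = 'https://auth.xx.com/TOKEN_ENDPOINT_PLACEHOLDER';
const USERINFO_URL  = 'https://auth.xx.com/user_info';

session_start();

// Step 1: build the authorization link. A random state value is bound to this
// browser session so the callback can reject forged or replayed redirects.
function buildAuthorizeUrl(): string
{
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth_state'] = $state;
    $query = http_build_query([
        'appid'         => APP_ID,
        'redirect_uri'  => REDIRECT_URI,     // http_build_query URL-encodes this
        'response_type' => 'code',
        'state'         => $state,
    ]);
    return AUTHORIZE_URL . '?' . $query;
}

// Small HTTPS JSON client: fail closed on transport errors, non-200 status and
// bad JSON instead of indexing into a raw string.
function fetchJson(string $url, ?array $postFields = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    if ($postFields !== null) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postFields));
    }
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("request to $url failed (HTTP $status)");
    }
    $data = json_decode((string) $body, true);
    if (!is_array($data)) {
        throw new RuntimeException("non-JSON response from $url");
    }
    return $data;
}

// Steps 2 and 3: the redirect back from the authentication server lands here.
function handleCallback(array $get): array
{
    $expected = $_SESSION['oauth_state'] ?? '';
    unset($_SESSION['oauth_state']);                  // state is single-use
    if ($expected === '' || !hash_equals($expected, (string) ($get['state'] ?? ''))) {
        throw new RuntimeException('state mismatch: redirect did not start in this session');
    }
    if (empty($get['code']) || !is_string($get['code'])) {
        throw new RuntimeException('authorization denied or code missing');
    }
    // Exchange the code (plus the same redirect_uri) for an access_token in a
    // server-to-server call; the secret never reaches the browser.
    $token = fetchJson(TOKEN_URL, [
        'grant_type'   => 'authorization_code',
        'code'         => $get['code'],
        'redirect_uri' => REDIRECT_URI,
        'appid'        => APP_ID,
        'secret'       => APP_SECRET,
    ]);
    if (empty($token['access_token'])) {
        throw new RuntimeException('token endpoint returned no access_token');
    }
    // Use the token to fetch the user, then cache the result in the server-side
    // session so later requests do not hit the authentication server again.
    $user = fetchJson(USERINFO_URL . '?' . http_build_query(['token' => $token['access_token']]));
    $_SESSION['user'] = ['uid' => $user['uid'] ?? null, 'name' => $user['name'] ?? null];
    return $_SESSION['user'];
}

// Dispatcher for this single page: a request carrying code/state is the callback;
// anything else without a cached user is sent to the authorization page.
if (isset($_GET['code']) || isset($_GET['state'])) {
    try {
        $user = handleCallback($_GET);
        echo 'Logged in as ' . htmlspecialchars((string) $user['name'], ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Login failed: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
} elseif (empty($_SESSION['user'])) {
    header('Location: ' . buildAuthorizeUrl(), true, 302);
    exit;
}
```

Deploy it as the page behind the registered redirect_uri (https://test.xx.com/index in the article). A first visit with no cached user is redirected to the authorize page; the redirect back with code and state runs handleCallback(), which checks state before spending the code, does the token exchange over curl with certificate verification on, and only then caches uid and name in the session. Because the redirect_uri sent in the exchange is the same constant used to build the link, the server-side check in step e passes; a mismatch there is the most common reason a code exchange fails.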
The above is the detailed content of Introduction to OAuth2.0 protocol and PHP access. For more information, please follow other related articles on the PHP Chinese website!