oAuth authentication and authorization

1. What is the OAuth protocol

OAuth (open authorization) is an open standard.

Allow third-party websites to access various information stored by users with service providers under the premise of user authorization.

This authorization does not require the user to provide the user name and password to the third-party website.

OAuth allows users to provide a token to a third-party website. A token corresponds to a specific third-party website, and the token can only access specific resources within a specific time.

2. The principle and authorization process of OAuth

The three parties involved in the authentication and authorization process of OAuth include:

Service provider: User use The service provider is generally used to store messages, photos, videos, contacts, files, etc. (such as Twitter, Sina Microwave, etc.).

User: User of the service provider

Third party: Usually a website that wants to access the user's information stored with the service provider.

For example, a website that provides photo printing services, where users want to print their online photo albums stored with the service provider.

Before the authentication process, the third party needs to apply to the service provider for the unique identifier of the third-party service.

The OAuth authentication and authorization process is as follows:

1. The user visits a third-party website and wants to operate certain resources stored by the user in the service provider.

2. The third-party website requests a temporary token from the service provider.

3. After the service provider verifies the identity of the third-party website, it grants a temporary token.

4. After the third-party website obtains the temporary token, it will direct the user to the service provider's authorization page to request user authorization. In the process, the temporary token and the return address of the third-party website will be sent to the service provider.

5. The user enters his or her username and password on the service provider's authorization page to authorize the third-party website to access the corresponding resources.

6. After the authorization is successful, the service provider will direct the user to the return address of the third-party website.

7. The third-party website obtains the access token from the service provider based on the temporary token.

8. The service provider grants third-party website access tokens based on the token and user authorization.

9. The third-party website uses the obtained access token to access the corresponding user resources stored in the service provider.

3. What are the websites that currently support OAuth?

t.sina.com.cn

t.qq.com

t.sohu.com

t.163.com

www.douban.com

www.twitter.com

www.facebook.com

Google Buzz

springboot encapsulates oauth2 protocol. There are two commonly used interfaces in it.

1. Get token

Interface: /oauth/token?

Parameters: ( grant_type is hard-coded, the other two are customized)

• grant_type=password
  

• username=development@cybergate-tech .com

• password=oQd-BfT-cer-7LP

Full sample:http://localhost:9000 /oauth/token?grant_type=password&username=development@cybergate-tech.com&password=oQd-BfT-cer-7LP

Return result example:

{
    "access_token": "beeaa54e-8391-4de0-8ba6-ce145b3fb812",
    "token_type": "bearer",
    "refresh_token": "8129769a-d804-46c7-856a-3bacd409b650",
    "expires_in": 3599,
    "scope": "read write"
}

2. Refresh token

Interface:http://localhost:9000/oauth/token?

Parameters: (refresh_token is determined based on 1. Other parameters are hard-coded )

• client_id=dashboard

• client_secret=secret

• ##grant_type=refresh_token

  
  

• refresh_token=43dca105-627e-4f50-86e8-0c22c2f3abe9

http://localhost:9000/oauth/ token?client_id=dashboard&client_secret=secret&grant_type=refresh_token&refresh_token=43dca105-627e-4f50-86e8-0c22c2f3abe9

{
    "access_token": "0135c92b-12ab-4af9-88f4-97ef85115e71",
    "token_type": "bearer",
    "refresh_token": "75d209b5-a30d-43a8-abcd-850e7fb62e76",
    "expires_in": 3599,
    "scope": "read write"
}

The above is the detailed content of oAuth authentication and authorization. For more information, please follow other related articles on the PHP Chinese website!