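📅  Last modified: 2020-11-03 10:22:26             🧑  Author: Mango
An access token is a string that identifies a user, an application, or a page. The token includes information such as when the token expires and which app created it.
First, you must obtain OAuth 2.0 client credentials from the API console.
Then the client requests an access token from the authorization server.
It extracts the access token from the response and sends that token to the API you wish to access.
You must first send the user to the authorization endpoint. The following is an example of a dummy request: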
https://publicapi.example.com/oauth2/authorize?client_id=your_client_id&redirect_uri=your_url&response_type=code
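The parameters and their descriptions are as follows.
client_id - should be set to your application's client ID.
redirect_uri - should be set to a URL. After the request is authorized, the user is redirected back to it.
response_type - can be either code or token. code must be used for server-side applications, whereas token must be used for client-side applications. In server-side applications, you can make sure the secrets are stored safely.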
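The authorization request described above, as an added example (not code from the original page): it builds the request URL with the parameters percent-encoded, then reads the code from the redirect back to redirect_uri. The `state` parameter (defined in RFC 6749 but absent from the page's sample request), the callback URL and the helper names are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint taken from the page's sample request; client values are placeholders.
AUTHORIZE_ENDPOINT = "https://publicapi.example.com/oauth2/authorize"


def build_authorization_url(client_id, redirect_uri, response_type="code"):
    """Return (url, state) for sending the user to the authorization endpoint."""
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    # Assumption: state is not in the page's sample request. RFC 6749 defines
    # it so the client can tie the callback to the request it started.
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # urlencode percent-encodes the URL
        "response_type": response_type,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect back to redirect_uri."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise RuntimeError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; reject callbacks we did not start.
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


if __name__ == "__main__":
    url, state = build_authorization_url("your_client_id", "https://client.example.org/cb")
    print(url)
    # Constructed callback, shaped like the redirect the authorization server sends.
    callback = f"https://client.example.org/cb?code=SAMPLE_CODE&state={state}"
    print(parse_callback(callback, state))
```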
The following table lists the concepts of client credentials.
Sr.No. | Concept & Description |
---|---|
1 | Authorization Code: The authorization code allows accessing the authorization request and grants access to the client application to fetch the owner resources. |
2 | Resource Owner Password Credentials: The resource owner password credentials include only one request and one response, and are useful where the resource owner has a good relationship with the client. |
3 | Assertion: An assertion is a package of information that makes the sharing of identity and security information across various security domains possible. |
4 | Refresh Token: The refresh token is used to acquire a new access token, and carries the information necessary to get a new access token. |
5 | Access Token Response: An access token is a type of token that is assigned by the authorization server. |
6 | Access Token Error Response Codes: If the token access request, which is issued by the authorization server, is invalid or unauthorized, then the authorization server returns an error response. |