📜  OAuth 2.0 - Obtaining an Access Token

📅  Last modified: 2020-11-03 10:22:26             🧑  Author: Mango


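An access token is a string that identifies a user, an application, or a page. The token includes information such as when the token expires and which app created it.

  • First, you must obtain OAuth 2.0 client credentials from the API console.

  • Then, the client requests an access token from the authorization server.

  • It takes the access token from the response and sends that token to the API you wish to access.

You must first send the user to the authorization endpoint. The following is an example of a dummy request: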

https://publicapi.example.com/oauth2/authorize?client_id=your_client_id&redirect_uri=your_url&response_type=code

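The parameters and their descriptions are as follows.

  • client_id - should be set to the client ID of your application.

  • redirect_uri - should be set to a URL. After the request is authorized, the user is redirected back to it.

  • response_type - can be either code or token. code must be used for server-side applications, whereas token must be used for client-side applications. In server-side applications, you can make sure that the secrets are stored safely.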
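
The request above and the handling of the redirect that follows it, for a server-side application, as an added example that is not part of the original tutorial. The redirect URI is a constructed value, and the state parameter and the error parameter on the callback come from RFC 6749 rather than from the parameter list above.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions: the host is the page's dummy endpoint; the other values are constructed.
AUTHORIZE_ENDPOINT = "https://publicapi.example.com/oauth2/authorize"
CLIENT_ID = "your_client_id"
REDIRECT_URI = "https://client.example.com/callback"


def build_authorization_url(state):
    """URL the user is sent to; urlencode() percent-encodes redirect_uri."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",  # server-side application, so code rather than token
        "state": state,  # RFC 6749 parameter, not in the page's list
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, response not tied to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # unpredictable value kept in the user's session
    print(build_authorization_url(state))
    # Constructed callback, shaped like the redirect the authorization server sends.
    callback = REDIRECT_URI + "?" + urlencode({"code": "sample_code", "state": state})
    print(parse_callback(callback, state))
```

The code returned by parse_callback is what the server-side client then exchanges at the authorization server for the access token.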

The following table lists the concepts of client credentials.

Sr.No.  Concept & Description

1       Authorization Code
        The authorization code allows accessing the authorization request and grants access to the client application to fetch the owner's resources.

2       Resource Owner Password Credentials
        The resource owner password credentials involve only one request and one response, and are useful where the resource owner has a good relationship with the client.

3       Assertion
        An assertion is a package of information that makes the sharing of identity and security information across various security domains possible.

4       Refresh Token
        Refresh tokens are used to acquire new access tokens; a refresh token carries the information necessary to get a new access token.

5       Access Token Response
        An access token is a type of token that is assigned by the authorization server.

6       Access Token Error Response Codes
        If the token access request, which is issued by the authorization server, is invalid or unauthorized, then the authorization server returns an error response.