OAuth: Access to shared resources via web applications
A web application that wants to gain access to shared resources redirects the user to a page of the authorization server. In doing so, it tells the authorization server which access rights it is requesting. This information, called the scope, is a list of identifiers separated by space characters; the identifiers are defined by the resource server and are often expressed as URLs to avoid naming conflicts.
The authorization server then asks the user, in their role as resource owner, to authenticate (e.g. by providing a username and password). The user can then either grant or reject the client's request. The authorization server redirects the user back to the client and passes the user's decision to the client in a URL parameter. If the user has granted the request, the query string contains a code, which the client exchanges for a security token. When doing so, the client provides its own authentication details to the authorization server; usually this, too, is done with a username and password.
The token obtained this way can then be used by the client to access the desired resources via the resource server. Once it has received the token, the resource server must verify that the token is valid and that it was indeed issued by the named authorization server. Validity can be checked against the expiry date contained in the token; the issuer can be confirmed by verifying other evidence embedded in the token, such as a digital signature or an HMAC. If such cryptographic checks are to be avoided, the resource server can instead contact the authorization server to confirm that the token is valid.
The token may carry information about the user, which the resource server can use to check the user's rights. Alternatively, the token may simply be a key that the resource server exchanges for user-related data by contacting the authorization server.
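As an added example that is not part of the original article, the resource-server check described above, implemented for a self-contained token: the claims (issuer, user, scope, expiry) are base64url-encoded JSON protected by an HMAC under a secret shared with the authorization server. The token format, the `issue_token`/`verify_token` helpers, the issuer URL and the secret are all constructed assumptions for this illustration, not an OAuth standard.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: the secret is shared between the authorization server and
# the resource server; the issuer is a hypothetical authorization server URL.
SHARED_SECRET = b"example-shared-secret-not-for-production"
ISSUER = "https://auth.example.com"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scope: list, ttl: int, now=None) -> str:
    """Authorization-server side: embed user, scope, issuer and expiry, then seal with an HMAC."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "scope": " ".join(scope), "exp": now + ttl}
    body = _b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    tag = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(tag)}"


def verify_token(token: str, required_scope: str, now=None):
    """Resource-server side: return the claims if the token is genuine, unexpired
    and grants required_scope; otherwise return None."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
        # Verify the HMAC in constant time before trusting anything inside the body.
        if not hmac.compare_digest(expected, _b64d(tag)):
            return None
        claims = json.loads(_b64d(body))
    except ValueError:  # malformed base64 or JSON (binascii/JSONDecode errors subclass ValueError)
        return None
    if claims.get("iss") != ISSUER:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    if required_scope not in claims.get("scope", "").split(" "):
        return None
    return claims
```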