https://tools.ietf.org/html/rfc6750

1.2. Terminology


   Bearer Token

      A security token with the property that any party in possession of

      the token (a "bearer") can use the token in any way that any other

      party in possession of it can.  Using a bearer token does not

      require a bearer to prove possession of cryptographic key material

      (proof-of-possession).

   All other terms are as defined in "The OAuth 2.0 Authorization

   Framework" [RFC6749].

1.3. Overview


   OAuth provides a method for clients to access a protected resource on

   behalf of a resource owner.  In the general case, before a client can

   access a protected resource, it must first obtain an authorization

   grant from the resource owner and then exchange the authorization

   grant for an access token.  The access token represents the grant's

   scope, duration, and other attributes granted by the authorization

   grant.  The client accesses the protected resource by presenting the

   access token to the resource server.  In some cases, a client can

   directly present its own credentials to an authorization server to

   obtain an access token without having to first obtain an

   authorization grant from a resource owner.

   The access token provides an abstraction, replacing different

   authorization constructs (e.g., username and password, assertion) for

   a single token understood by the resource server.  This abstraction

   enables issuing access tokens valid for a short time period, as well

   as removing the resource server's need to understand a wide range of

   authentication schemes.
     +--------+                               +---------------+

     |        |--(A)- Authorization Request ->|   Resource    |

     |        |                               |     Owner     |

     |        |<-(B)-- Authorization Grant ---|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(C)-- Authorization Grant -->| Authorization |

     | Client |                               |     Server    |

     |        |<-(D)----- Access Token -------|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(E)----- Access Token ------>|    Resource   |

     |        |                               |     Server    |

     |        |<-(F)--- Protected Resource ---|               |

     +--------+                               +---------------+

                     Figure 1: Abstract Protocol Flow

   The abstract OAuth 2.0 flow illustrated in Figure 1 describes the

   interaction between the client, resource owner, authorization server,

   and resource server (described in [RFC6749]).  The following two

   steps are specified within this document:

   (E)  The client requests the protected resource from the resource

        server and authenticates by presenting the access token.

   (F)  The resource server validates the access token, and if valid,

        serves the request.

   This document also imposes semantic requirements upon the access

   token returned in step (D).

The OAuth 2.0 Authorization Framework: Bearer Token Usage的更多相关文章

  1. OAuth 2.0 Authorization Framework RFC

    Internet Engineering Task Force (IETF) D. Hardt, Ed.Request for Comments: 6749 MicrosoftObsoletes: 5 ...

  2. The OAuth 2.0 Authorization Framework

      The OAuth 2.0 Authorization Framework Abstract The OAuth 2.0 authorization framework enables a thi ...

  3. The OAuth 2.0 Authorization Framework OAuth2.0的核心角色code 扫码登录

    RFC 6749 - The OAuth 2.0 Authorization Framework https://tools.ietf.org/html/rfc6749 The OAuth 2.0 a ...

  4. The OAuth 2.0 Authorization Framework-摘自https://tools.ietf.org/html/rfc6749

                                                                                  Internet Engineering T ...

  5. OAuth 2.0: Bearer Token Usage

    Bearer Token (RFC 6750) 用于HTTP请求授权访问OAuth 2.0资源,任何Bearer持有者都可以无差别地用它来访问相关的资源,而无需证明持有加密key.一个Bearer代表 ...

  6. ASP.NET WebApi OWIN 实现 OAuth 2.0(自定义获取 Token)

    相关文章:ASP.NET WebApi OWIN 实现 OAuth 2.0 之前的项目实现,Token 放在请求头的 Headers 里面,类似于这样: Accept: application/jso ...

  7. [转]OAuth 2.0 - Authorization Code授权方式详解

    本文转自:http://www.cnblogs.com/highend/archive/2012/07/06/oautn2_authorization_code.html I:OAuth 2.0 开发 ...

  8. OAuth 2.0 - Authorization Code授权方式详解

    I:OAuth 2.0 开发前期准备 天上不会自然掉馅饼让你轻松地去访问到人家资源服务器里面的用户数据资源,所以你需要做的前期开发准备工作就是把AppKey, AppSecret取到手 新浪获取传送门 ...

  9. OWIN OAuth 2.0 Authorization Server

    http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server The assumption ...

随机推荐

  1. [已解决]ubuntu下chrome和firefox输入框内无法快捷键全选

    问题现象: 在chrome或firefox浏览器(其他地方没试)的输入框中使用ctr + a进行全选失效,在google中找到了这个已经解决的http://askubuntu.com/question ...

  2. 国产服务器离线安装gm

    离线安装过程: 1.安装JPEGlib cd /opt/ ls tar -zxvf jpegsrc.v9b.tar.gz cd jpeg-9b/ ./configure make make insta ...

  3. Django源码安装方法及创建启动项目

    一.源码安装方法 下载源码包:https://www.djangoproject.com/download/ 输入以下命令并安装: tar xzvf Django-X.Y.tar.gz # 解压下载包 ...

  4. centos7手动编译安装Libvirt常见问题

    由于功能需要,体验了手动编译安装Libvrt,还是碰到了不少问题,这里总结如下仅限于centos7: 1.configure: error: You must install the pciacces ...

  5. mysql 约束条件 auto_increment 自动增长 创建表时设置自增字段

    auto_increment mysql) )auto_increment; Query OK, rows affected (0.01 sec) mysql> show create tabl ...

  6. 如何制作一款HTML5 RPG游戏引擎——第四篇,情景对话

    今天我们来实现情景对话.这是一个重要的功能,没有它,游戏将变得索然无味.所以我们不得不来完成它. 但是要知道,使用对话可不是一件简单的事,因为它内部的东西很多,比如说人物头像,人物名称,对话内容... ...

  7. Spark的Driver节点和Executor节点

    转载自:http://blog.sina.com.cn/s/blog_15fc03d810102wto0.html 1.驱动器节点(Driver) Spark的驱动器是执行开发程序中的 main方法的 ...

  8. 《你的SSD可以用100年,你造吗?》总结

    来自 http://www.ssdfans.com/?p=1778 上图是闪存的一个基本存储单元,由一种类NMOS的双层浮空栅 (Floating Gate) MOS管组成,用以存储一个bit(SLC ...

  9. django后台数据管理admin设置代码

    新建admin用户 createsuperuser 设定好用户名,邮箱,密码 设置setting LANGUAGE_CODE = 'zh-hans' TIME_ZONE = 'Asia/Shangha ...

  10. xshell连接centos虚拟机

    打开centos终端,输入ifconfig 如果没有这条命令可以输入ip address en什么什么的表示设备名称 inet后面跟着的就是ip地址 复制ip地址,打开xshell,新建,在主机中输入 ...