Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
347 views
in Technique[技术] by (71.8m points)

javascript - How to use OAuth 2.0 for Web Server Applications

I know basic of HTML, Javascript and PHP. I need to use API authorization of another server in my web application. I have read the documentation of that server but I was not able to figure it out how to start. Then I started to search famous servers such as Google and I realize the documentation is very similar but still I am not sure to where copy and paste the code. There is couple of example URLs. Should I copy paste them inside my code? I will appreciate if anyone knows where to start. The steps are very similar which I saw in google documentation. Here:

https://developers.google.com/accounts/docs/OAuth2WebServer
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

GettingStarted with OAuth
There is a course on KnpUniversity that gives you a good overview over oath-implementation in PHP: https://knpuniversity.com/screencast/oauth
You can watch the first two videos for free, after that you can still read the transcription and view the code examples.

Deep dive
If you want to deep dive into OAuth read the official OAuth 2 specification at https://www.rfc-editor.org/rfc/rfc6749. It takes a while and it might be helpful to grab a pen and paper to sketch some flows, but it's quite easy to read.

Protocol Endpoints

To address your question: A OAuth-Authorization-Server have to has two endpoint: the Authorization Endpoint and the Token Endpoint. Where they are located is not specified!

Google's endpoints are:

facebook's endpoints are:

So you have to find out the URLs to these two endpoints at the authorization server you wan't to use.

Authorizations Grants

The official specification specifies four different ways to obtain authorization at the authorization endpoint called grants.
These are:

  • Authorization Code Grant
  • Implicit Grant
  • Resource Owner Password Credentials Grant
  • Client Credentials Grant
    Furthermore it is allowed to specify own grant types so have a look for that in the documentation of the endpoint.

The most common grant type is the Authorization Code Grant. I highly recommend to have a look to the specification for understanding grant types: https://www.rfc-editor.org/rfc/rfc6749#section-4. The figures contained are really helpful!
The specification also contains a example for each grant type that explains how to get an access token.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...