Mobile Single Sign-On in Practice: OAuth 2.0 Background Knowledge (Part 2)
In the previous post we briefly introduced the authorization code grant of the OAuth 2.0 authorization framework. The authorization code grant is currently the most widely used delegated-authorization mechanism in China. OAuth 2.0 also defines the following less common grant types, which we introduce one by one:
- User Credentials
The user-credentials grant is only considered when there is absolute trust between the systems involved. With this grant, the user's full username and password must be sent in every authorization request before it can proceed, so it is generally not adopted. (The User Credentials grant type (a.k.a. Resource Owner Password Credentials) is used when the user has a trusted relationship with the client, and so can supply credentials directly.)
Below is a simple demonstration of this grant:
➜ ~ curl -u zhangyuqing:zhangyuqing https://open.www.5288z.com/oauth2/token.php -d 'grant_type=password&username=18560520395&password=zhangyuqing'
{"access_token":"84a90b675e24def649cb185f5d86c9a52a28a1db","expires_in":3600,"token_type":"Bearer","scope":"lanmu timeradio","refresh_token":"f3d674a1052e92fcaad4a5a692b8c290d07a0c68"}%
- Client Credentials
This grant authorizes the client by verifying only its app key and secret; it is also a fairly common authorization method in China at present. (The Client Credentials grant type is used when the client is requesting access to protected resources under its control (i.e. there is no third party).)
Below is an example of this grant:
➜ ~ curl https://open.www.5288z.com/oauth2/token.php -d 'grant_type=client_credentials&client_id=zhangyuqing&client_secret=zhangyuqing'
{"access_token":"68ab8b5a4bc4af2b785a09bc3a121852c4cbece9","expires_in":3600,"token_type":"Bearer","scope":"lanmu pay timeradio"}%
- Refresh Token
The refresh-token grant is a supplementary mechanism: when the original access_token has expired, and we have not stored the user's username and password but still want to extend the authorization, we use the refresh-token grant. The Refresh Token grant type is used to obtain additional access tokens in order to prolong the client’s authorization of a user’s resources.
Below is my demonstration of this grant:
➜ ~ curl -u zhangyuqing:zhangyuqing https://open.www.5288z.com/oauth2/token.php -d 'grant_type=refresh_token&refresh_token=f3d674a1052e92fcaad4a5a692b8c290d07a0c68'
{"access_token":"dfb0597b3f028e9be4a477d33102f59720313cb0","expires_in":3600,"token_type":"Bearer","scope":"lanmu timeradio"}%
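The three curl calls above (password, client_credentials and refresh_token) send the same kind of request with different client-authentication placement: the password and refresh grants put the client id and secret in the HTTP Basic header (`curl -u`), the client-credentials grant puts them in the form body. The following Python client, an added example and not code from the post, builds those requests and then shows the point of the refresh grant: the user's password is used once at login and never retained, and an expired access token is renewed from the refresh token instead. The token endpoint is replaced by a constructed in-memory stand-in whose responses mirror the JSON shapes above; names such as `TokenSession`, `demo-client` and `demo-user` are assumptions for the demo.

```python
import base64
import time
from typing import Callable, Dict, Tuple


def basic_auth_header(client_id: str, client_secret: str) -> Dict[str, str]:
    """HTTP Basic client authentication, exactly what `curl -u id:secret` sends."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def build_token_request(grant_type: str, client_id: str, client_secret: str,
                        **params: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (headers, form_fields) for the three grants shown in the post.

    password:           client auth in the Basic header, user credentials in the body
    client_credentials: client id/secret in the body (as the post's curl does)
    refresh_token:      client auth in the Basic header, refresh_token in the body
    """
    if grant_type == "password":
        required, headers = ("username", "password"), basic_auth_header(client_id, client_secret)
        body = {"grant_type": "password"}
    elif grant_type == "client_credentials":
        required, headers = (), {}
        body = {"grant_type": "client_credentials",
                "client_id": client_id, "client_secret": client_secret}
    elif grant_type == "refresh_token":
        required, headers = ("refresh_token",), basic_auth_header(client_id, client_secret)
        body = {"grant_type": "refresh_token"}
    else:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    missing = [k for k in required if k not in params]
    if missing:
        raise ValueError(f"{grant_type} grant is missing {missing}")
    body.update({k: params[k] for k in required})
    return headers, body


class TokenSession:
    """Keeps an access token and renews it via the refresh grant when it expires.

    The user's password is passed through login() once and never stored; only the
    refresh token is kept afterwards, which is what the refresh grant is for.
    """
    SKEW = 60  # renew this many seconds before the nominal expiry

    def __init__(self, transport: Callable[[dict, dict], dict], client_id: str,
                 client_secret: str, now: Callable[[], float] = time.time):
        self._post = transport          # callable(headers, body) -> parsed JSON dict
        self._client = (client_id, client_secret)
        self._now = now
        self.access_token = None
        self.refresh_token = None
        self.scope: Tuple[str, ...] = ()
        self._expires_at = 0.0

    def _store(self, resp: dict) -> None:
        if "access_token" not in resp:
            raise RuntimeError(f"token endpoint error: {resp}")
        self.access_token = resp["access_token"]
        # client_credentials responses carry no refresh_token (see the post); keep the old one
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        self.scope = tuple(resp.get("scope", "").split())
        self._expires_at = self._now() + int(resp.get("expires_in", 0))

    def login(self, username: str, password: str) -> None:
        headers, body = build_token_request("password", *self._client,
                                            username=username, password=password)
        self._store(self._post(headers, body))   # password is not retained past this call

    def login_as_client(self) -> None:
        headers, body = build_token_request("client_credentials", *self._client)
        self._store(self._post(headers, body))

    def token(self) -> str:
        """Return a usable access token, refreshing it first if it is (nearly) expired."""
        if self.access_token is None:
            raise RuntimeError("not logged in")
        if self._now() >= self._expires_at - self.SKEW:
            if not self.refresh_token:
                raise RuntimeError("access token expired and no refresh token: re-login required")
            headers, body = build_token_request("refresh_token", *self._client,
                                                refresh_token=self.refresh_token)
            self._store(self._post(headers, body))
        return self.access_token

    def has_scope(self, needed: str) -> bool:
        return needed in self.scope


def fake_token_endpoint() -> Callable[[dict, dict], dict]:
    """Constructed stand-in for the token endpoint; responses mirror the post's JSON."""
    count = {"n": 0}

    def post(headers: dict, body: dict) -> dict:
        count["n"] += 1
        n, grant = count["n"], body.get("grant_type")
        if grant in ("password", "refresh_token") and "Authorization" not in headers:
            return {"error": "invalid_client"}
        if grant == "password":
            if (body["username"], body["password"]) != ("demo-user", "demo-pass"):
                return {"error": "invalid_grant"}
        elif grant == "client_credentials":
            return {"access_token": f"at-{n}", "expires_in": 3600,
                    "token_type": "Bearer", "scope": "lanmu pay timeradio"}
        elif grant == "refresh_token":
            if not body["refresh_token"].startswith("rt-"):
                return {"error": "invalid_grant"}
        else:
            return {"error": "unsupported_grant_type"}
        return {"access_token": f"at-{n}", "expires_in": 3600, "token_type": "Bearer",
                "scope": "lanmu timeradio", "refresh_token": f"rt-{n}"}
    return post


def demo() -> Tuple[str, str, bool]:
    """Login with the password grant, let the token expire, renew via refresh grant."""
    clock = {"t": 1_000_000.0}
    sess = TokenSession(fake_token_endpoint(), "demo-client", "demo-secret",
                        now=lambda: clock["t"])
    sess.login("demo-user", "demo-pass")
    first = sess.token()          # fresh token, no refresh needed
    clock["t"] += 3600            # past expiry: token() must use the refresh grant
    second = sess.token()
    return first, second, sess.has_scope("pay")


if __name__ == "__main__":
    print(demo())
```

Two details worth noting when mapping this back to the post: the client-credentials response contains no `refresh_token`, so a session created that way must re-run the grant when its token expires rather than refresh it, and its `scope` is broader (`pay` appears) than the user token's, so a client should check `has_scope` before assuming a token can reach a given resource.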
That wraps up our introduction to the common OAuth 2.0 grant types.