学习 OAuth2.0 笔记( 一 )
Posted jzdwajue
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了学习 OAuth2.0 笔记( 一 )相关的知识,希望对你有一定的参考价值。
1.1. Roles
角色 OAuth defines four roles: OAuth 设定了四个角色
resource owner
资源拥有者
An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
资源拥有者指一个能够授权訪问受保护资源的实体.当资源拥有者是人的时候,他被称为终端用户。
resource server
资源server
The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
资源server用来托管受保护的资源。具有接收訪问令牌请求而且响应受保护的资源。(keyword: access tokens)
client
客户端
An application making protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices).
client是指:一个具备利用资源拥有者的授权信息请求受保护的资源的功能的app。“client”并不代表不论什么特定现实。(app能够是执行在服务器上的。桌面上的。或者其他设备)
authorization server
授权服务器
The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
授权服务器,验证资源拥有者身份,拥有者进行授权,前两步成功之后,颁发 access,tokens.
The interaction between the authorization server and resource server
is beyond the scope of this specification. The authorization server
may be the same server as the resource server or a separate entity.
A single authorization server may issue access tokens accepted by
multiple resource servers.
授权server与资源server的交互超出本规范的范围。
授权server能够与资源server是同一server或者是一个单独的实体。
一个单一授权server能够为多个资源server提供 颁发 access tokens 服务。
以上是关于学习 OAuth2.0 笔记( 一 )的主要内容,如果未能解决你的问题,请参考以下文章
OAuth2.0学习(4-1)Spring Security OAuth2.0 - 代码分析
接口测试工具-Jmeter使用笔记(八:模拟OAuth2.0协议简化模式的请求)
.NET 云原生架构师训练营(Identity Server)--学习笔记