Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to quickly implement a service with oauth2.0 function". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to quickly implement a service with oauth2.0 function.

What is oauth3.0?

Oauth3.0 is an upgraded version of oauth2.0, but it is not compatible with oauth2.0. Oauth is an open authorization standard; OAuth authentication is to enable third-party applications to authorize users to access resource interfaces in the open platform (Resource Server, the main resource server in the open platform) without obtaining the user's sensitive information (such as account password, user PIN, etc.).

When will it be used?

In fact, its application can be seen everywhere in life. Take the most common example:

When we log in to app, we often see that the app login portal provides an entry for Wechat login, such as:

When you click Wechat to log in, you will jump to the Wechat login authorization page

Click Yes, and app will get our user information (nickname, avatar).

So how did it get the user information? The reason is that Wechat provides the oauth3.0 interface and implements the oauth3.0 protocol. Users do not need to use Wechat's username and password in a third-party app, but directly use Wechat authorization. After authorization, Wechat will pass an authorization code to the third-party app, and the third-party app takes this authorization code in exchange for the token visited by the current user. Finally, you can call the corresponding Wechat API (API for getting nicknames and avatars) with token.

Of course, Wechat only uses one of the authorization modes in oauth3.0: the authorization code mode. It is the safest and most complete authorization model. There are other authorization modes in oauth3.0, so I won't say much about it here. Today we will mainly talk about how to implement the authorization code model.

Oauth3.0 Authorization Code Mode Authorization process

Now there is a need like this: users want to log in to a third party app using the account of AI Code Mall.

Directly above the picture

Code implementation ideas 1. Provide an authorize.do interface for assigning authorization codes, verifying the client's appid and secert, and redirecting addresses. After the verification is completed, the user name and password are verified. If the verification is passed, the current user information is bound with code, and then the code parameters are spliced in the callback address. two。 Provide a token.do interface to assign authorization token to users, receive the code passed in by users, find the corresponding binding relationship, then generate a token to bind with specific users, and finally return token and refreshtoken to third parties. 3. Also provide an interface for refreshtoken.do to refresh the validity of token, because the token assigned to users is valid, but the validity of refresh_token is longer than that of token, so you can use refresh_token to refresh the validity of token so far. I believe you have a deeper understanding of "how to quickly achieve a service with oauth2.0 function". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.