Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the authorization modes of the OAuth protocol". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the authorization models of the OAuth protocol".

OAuth3

OAuth is an open standard that allows third-party applications to access private resources (such as avatars, photos, videos, etc.) stored by the user on a website without providing a user name and password to a third-party application. This is achieved by providing a token rather than a user name and password to access the data they store with a specific service provider. The use of token allows users to flexibly apply authorization or reclaim privileges to third parties.

OAuth3 is the next version of the OAuth protocol, but it is not backward compatible with OAuth 1.0. Traditional Web development login authentication is generally based on session, but there will be a lot of inconvenience to continue to use session in the front and back end separate architecture, because the mobile end (Android, iOS, WeChat Mini Programs, etc.) either does not support cookie (WeChat Mini Programs), or it is very inconvenient to use, for these problems, using OAuth3 authentication can be solved.

Authorization mode

There are four authorization modes of OAuth protocol:

Authorization code mode: this mode is basically used in common third-party platform login functions.

Simplified mode: the simplified mode does not require the participation of the client server and directly applies for a token (token) from the authorization server in the browser, which can be used if the website is a pure static page.

Password mode: password mode is that the user tells the user name and password directly to the client, and the client uses this information to apply for a token (token) from the authorization server. This requires users to have a high degree of trust in the client, for example, the client application and service provider are the same company.

Client mode: the client mode means that the client applies for authorization from the service provider in its own name rather than the user's name. strictly speaking, the client mode can not be regarded as a solution to the problem to be solved by the OAuth protocol, but it is very convenient for developers to use this mode on some front-end separated applications or authentication and authorization servers provided for the mobile end.

Thank you for your reading, the above is the content of "what is the authorization mode of OAuth agreement?" after the study of this article, I believe you have a deeper understanding of what the authorization mode of OAuth agreement has, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.