What is the cognition of OAuth and what is the development process?

2025-02-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >


Shulou(Shulou.com)06/02 Report--

Today I will talk with you about how OAuth works and what its development process looks like; many people may not know much about it. To help you understand it better, the editor has summarized the following content. I hope you get something out of this article.

What is OAuth?

The OAuth protocol provides a secure, open and simple standard for authorizing access to user resources. Unlike earlier authorization schemes, OAuth authorization never hands the user's account credentials (such as user name and password) to the third party: a third party can request authorization for the user's resources without ever handling the user's user name and password, which is what makes OAuth secure. OAuth is short for Open Authorization.

OAuth definition

OAuth is an open protocol that gives desktop, mobile and web applications a simple, standard way to access API services that require user authorization. It plays the same role as Flickr Auth, Google's AuthSub, Yahoo's BBAuth, Facebook Auth and similar schemes.

Related terms

Before we go through the OAuth flow, let's look at the definitions of some OAuth terms:

The three URLs involved in OAuth:

Request Token URL: the service address for obtaining an unauthorized Request Token

User Authorization URL: the service address where the user authorizes the Request Token

Access Token URL: the service address for exchanging an authorized Request Token for an Access Token

Definitions of the OAuth parameters:

oauth_consumer_key: the consumer's ID. The direct consumer of an OAuth service is an application written by a developer, so this value is usually obtained by registering the application with the OAuth service provider, which then issues the application's oauth_consumer_key.

oauth_consumer_secret: the secret corresponding to oauth_consumer_key.

oauth_signature_method: the method used to sign the request string. Whenever the application sends a request to any of the three OAuth service addresses, it must sign the request. Three signature methods are defined: HMAC-SHA1, RSA-SHA1 and PLAINTEXT.

oauth_signature: the signature of the request, produced with the signature method above.

oauth_timestamp: the timestamp at which the request was initiated, expressed as the number of seconds since 1970-01-01 00:00:00 GMT. It must be a positive integer, and each request's timestamp must be greater than or equal to the timestamp of the previous request.

oauth_nonce: a randomly generated string used to prevent request replay and requests from unauthorized outsiders.

oauth_version: the OAuth version number; optional, and if present its value must be 1.0.

OAuth HTTP response codes:

HTTP 400 Bad Request (request error), returned for:

Unsupported parameter

Unsupported signature method

Missing required parameter

Duplicated OAuth Protocol Parameter

HTTP 401 Unauthorized (not authorized), returned for:

Invalid Consumer Key

Invalid / expired Token

Invalid signature

Invalid / used nonce
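The parameter definitions and response codes above come together when a request is signed and then checked by the provider. The following Python example is added here (it is not code from the original article or from any OAuth library) and shows an HMAC-SHA1 oauth_signature built over the request, plus the provider-side checks that produce the 400/401 responses listed above, including the timestamp ordering and used-nonce checks that defeat replay. The URL, consumer key and secret are constructed sample values.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(s):
    return quote(str(s), safe="-._~")  # OAuth percent-encoding: only unreserved chars kept

def signature(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 oauth_signature over METHOD&URL&sorted-params (url carries no query string here)."""
    norm = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()) if k != "oauth_signature")
    base = "&".join([method.upper(), pct(url), pct(norm)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()  # consumer secret & token secret
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def client_request(method, url, consumer_key, consumer_secret, ts=None, nonce=None):
    """Parameters a consumer sends to the Request Token URL (step 1, so no oauth_token yet)."""
    params = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(ts or int(time.time())), "oauth_nonce": nonce or secrets.token_hex(8),
              "oauth_version": "1.0"}
    params["oauth_signature"] = signature(method, url, params, consumer_secret)
    return params

class Provider:
    """Server-side checks, each mapped to one of the OAuth response codes listed above."""
    def __init__(self, consumers):
        self.consumers = consumers   # consumer_key -> consumer_secret (constructed registry)
        self.last_ts = {}            # consumer_key -> last accepted oauth_timestamp
        self.seen = set()            # (consumer_key, timestamp, nonce) already accepted

    def verify(self, method, url, params):
        required = ("oauth_consumer_key", "oauth_signature_method", "oauth_signature",
                    "oauth_timestamp", "oauth_nonce")
        if any(k not in params for k in required):
            return 400, "Missing required parameter"
        if params["oauth_signature_method"] != "HMAC-SHA1":
            return 400, "Unsupported signature method"
        key = params["oauth_consumer_key"]
        if key not in self.consumers:
            return 401, "Invalid Consumer Key"
        ts, marker = int(params["oauth_timestamp"]), (key, params["oauth_timestamp"], params["oauth_nonce"])
        if ts <= 0 or ts < self.last_ts.get(key, 0) or marker in self.seen:
            return 401, "Invalid / used nonce"   # replayed or out-of-order request
        expected = signature(method, url, params, self.consumers[key])
        if not hmac.compare_digest(expected, params["oauth_signature"]):
            return 401, "Invalid signature"       # parameters tampered with or wrong secret
        self.seen.add(marker)
        self.last_ts[key] = ts
        return 200, "OK"
```

Note that the signature is recomputed from the received parameters, so changing any parameter (here the nonce) after signing is rejected as an invalid signature rather than accepted as a fresh request.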

OAuth authentication and authorization flow:

Having cleared up the OAuth terminology, we can get a first understanding of the OAuth authentication and authorization flow. Put simply, OAuth authentication and authorization takes three steps, which can be summarized in three sentences:

1. Obtain an unauthorized Request Token

2. Have the user authorize the Request Token

3. Exchange the authorized Request Token for an Access Token

Once the application holds the Access Token, it can access the resources the user has authorized. As you can see, these three steps correspond exactly to the three OAuth URL service addresses: each step requests one URL, receives the relevant information, and uses the information from the previous step to request the next URL, until the Access Token is obtained.

QQ OAuth3.0 development process (from QQapi)

Step1. Preparatory work

Before integrating QQ login, you need to apply for the corresponding appid and appkey so that the application and the user can be correctly verified and authorized in the following steps. You also need to make sure the network connection works smoothly.

Step2. Place the QQ login button

Place the "QQ login" button on the mobile application's interface and attach the foreground code to it, so that the QQ login dialog pops up when the button is clicked.

Step3. Get Access Token

Once the user has logged in and granted authorization, the Access Token is obtained, in preparation for the next step of retrieving the user's OpenID. The Access Token is also a mandatory parameter whenever the application calls OpenAPI to read or modify user data. A new Access Token is generated each time the user logs in; it expires after three months by default and is refreshed automatically when the user logs in again. The mobile application should implement its own expiry policy, or prompt the user to authorize again once the token has expired.

QQ login OAuth3.0 provides the login verification and authorization flow for mobile application access. It offers the following way of obtaining an Access Token: the Implicit mode described in the official OAuth documentation, which is suited to access performed through a client.

Step4. Get the user's OpenID through Access Token

Passing in the Access Token obtained in the previous step yields the OpenID of the corresponding user. The OpenID is the unique identity of that user on this website or application. The website or application can store this ID so that the user can be recognized the next time they log in, or bind it to the user's existing account on the site or application.

Step5. Call OpenAPI to request access to or modify resources authorized by the user

Once you have obtained the Access Token and then the OpenID, you can read or modify the user's personal information by calling OpenAPI. Every OpenAPI call requires the following three values:

YOUR_APP_ID: the appid assigned when the QQ login application was approved (for example 222222)

YOUR_ACCESS_TOKEN: the Access Token obtained in Step3; it must not have expired (for example E0632E6CE12AC709999)

YOUR_OPENID: the OpenID obtained in Step4, the user's unique identity (for example B9DD537D1C5C98A9999)
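Steps 2 to 5 above describe an implicit-grant flow in which the token comes back in a redirect and must be tracked for expiry. The following Python example is added here (it is not QQ's SDK or code from the original article) and shows the client side of that flow: building the authorize URL with a random state value, checking that state when the redirect returns, recording an absolute expiry for the token, and refusing to send an expired token with the three OpenAPI values. The authorize endpoint, the 90-day default expiry and the OpenAPI parameter names are assumptions labelled in the code; the appid and OpenID are the sample values from the text.

```python
import secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://PROVIDER_PLACEHOLDER/authorize"  # placeholder, not QQ's real endpoint

def new_state():
    """Unguessable per-session value so a callback cannot be planted by another page."""
    return secrets.token_urlsafe(16)

def build_authorize_url(app_id, redirect_uri, state):
    """Step 2/3: the URL the 'QQ login' button opens for the implicit (response_type=token) grant."""
    q = {"response_type": "token", "client_id": app_id, "redirect_uri": redirect_uri, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(q)}"

def parse_callback(redirect_url, expected_state, now=None):
    """Step 3: read access_token from the fragment of the URL the provider redirected back to.
    Returns a token record with an absolute expiry, or raises if the state does not match."""
    frag = parse_qs(urlparse(redirect_url).fragment)
    if frag.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this callback was not started by our session")
    now = now if now is not None else int(time.time())
    expires_in = int(frag.get("expires_in", ["7776000"])[0])  # assumed default: 3 months as 90 days
    return {"access_token": frag["access_token"][0], "expires_at": now + expires_in}

def token_valid(record, now=None, margin=3600):
    """Anti-expiration policy: treat the token as unusable once within `margin` seconds of expiry."""
    now = now if now is not None else int(time.time())
    return now + margin < record["expires_at"]

def openapi_params(app_id, record, openid, now=None):
    """Step 5: the three values every OpenAPI call must carry (parameter names assumed)."""
    if not token_valid(record, now):
        raise PermissionError("access token expired: prompt the user to authorize again")
    return {"appid": app_id, "access_token": record["access_token"], "openid": openid}
```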

After reading the above, do you have a better understanding of OAuth and its development process? If you want to learn more, please follow the industry information channel. Thank you for your support.
