作者：知识浅谈,CSDN签约讲师,华为云云享专家,Aliyun community star blogger
公众号：知识浅谈
擅长领域：全栈工程师、爬虫、ACM算法
联系方式vx：zsqtcc

前言：

• About authorized login contains three terminals,资源拥有者(用户),资源服务器(A website that stores user resources),第三方网站.
• OAuthIt is a layer used to separate users and third-party websites,After the user agrees,The resource server can be issued by a third-party websitetoken,Third-party sites through thistokenYou can access the information of the resource server corresponding to this user.

OAuth2.0Four ways of authorization

前提：不管哪种方式,All third-party websites need to register their identities with the resource server in advance,获取对应的appid和secret,为了防止tokenmisused.

授权码（authorization-code）

1. First, the third-party website carries itappid和secrect和redirect_urlGo to the resource server to get the login QR code
2. After the user scans the code, the confirmation notification is sent to the resource server
3. The resource server follows the first stepredirect_url返回authorization-codeand login success status
4. 第三方获取authorization-codeThen bring your own registrationappid和secrect和authorization-codeGo to the resource server to get ittoken
5. Then third-party websites are basedtokenAfter you go to the resource server to get the user information, you can wake up the follow-up operations.

隐藏式（implicit）

The step of obtaining the authorization code is omitted,直接获取的token,Suitable for websites without a backend（不安全）

1. carried by third-party websitesappid和secrect和redirect_urlGo to the resource server to get the login QR code
2. After the user scans the code, the confirmation notification is sent to the resource server
3. The resource server follows the first stepredirect_url返回tokenand login success status
4. Then third-party websites are basedtokenGo to the resource server to obtain user information, and then follow-up operations can be performed

密码式（password）

1. carried by third-party websitesusername和passwordGet it from the resource servertoken
2. Then third-party websites are basedtokenGo to the resource server to obtain user information, and then follow-up operations can be performed

客户端凭证（client credentials）

适用于没有前端的命令行应用,即在命令行下请求令牌,这种tokenNot for users,即有可能多个用户共享同一个令牌.

1. By carrying on the command lineappid和secrectto the resource servertoken
2. Then the command line is based ontokenGo to the resource server to obtain user information, and then follow-up operations can be performed

总结

Master the idea of ​​these four authorized logins,It will be much simpler to do authorized login in the future.