What are scope values for an OAuth2 server?

Question
I'm facing a difficulty to understand how scopes work.

I found here a small text that describes the scopes of stackexchange api but I need more information on how they work (not specifically this one...). Can someone provide me a concept?

Thanks in advance
Answer
To authorize an app you need to call a URL for the OAuth2 authorization process. This URL is "living" in the API's provider documentation. For example Google has this url:

https://accounts.google.com/o/auth2/auth
Also you will need to specify a few query parameters with this link:

client_id

redirect_uri

scope: The data your application is requesting access to. This is typically specified as a list of space-delimited strings, though Facebook uses comma-delimited strings. Valid values for the scope should be included in the API provider documentation. For Google Tasks, the scope is https://www.googleapis.com/auth/tasks. If an application also needed access to Google Docs, it would specify a scope value of https://www.googleapis.com/auth/tasks https://docs.google.com/feeds

response_type: code for the server-side web application flow, indicating that an authorization code will be returned to the application after the user approves the authorization request.

state: A unique value used by your application in order to prevent cross-site request forgery (CSRF) attacks on your implementation. The value should be a random unique string for this particular request, unguessable and kept secret in the client (perhaps in a server-side session)
<?php
// The 'state' value is kept in the PHP session, so the session must be started first.
session_start();

// Generate random value for use as the 'state'. Mitigates
// risk of CSRF attacks when this value is verified against the
// value returned from the OAuth provider with the authorization
// code. A CSPRNG is used so the value is actually unguessable.
$_SESSION['state'] = bin2hex(random_bytes(16));
$authorizationUrlBase = 'https://accounts.google.com/o/oauth2/auth';
$redirectUriPath = '/oauth2callback.php';
// For example only. A valid value for client_id needs to be obtained
// for your environment from the Google APIs Console at
// http://code.google.com/apis/console.
$queryParams = array(
    'client_id' => '240195362.apps.googleusercontent.com',
    // Built from the request's Host header here; the provider only accepts it
    // if it matches a redirect URI registered for this client_id.
    'redirect_uri' => (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') .
        $_SERVER['HTTP_HOST'] . $redirectUriPath,
    'scope' => 'https://www.googleapis.com/auth/tasks',
    'response_type' => 'code',
    'state' => $_SESSION['state'],
    'approval_prompt' => 'force', // always request user consent
    'access_type' => 'offline' // obtain a refresh token
);
// http_build_query percent-encodes every value, including the scope URL.
$goToUrl = $authorizationUrlBase . '?' . http_build_query($queryParams);
// Output a webpage directing users to the $goToUrl after
// they click a "Let's Go" button
include 'access_request_template.php';
The set of query string parameters supported by the Google Authorization Server for web server applications are here:

https://developers.google.com/accounts/docs/OAuth2WebServer?hl=el#formingtheurl
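The answer above describes the scope and state parameters but stops at building the URL; the other half of the CSRF protection is checking the state when the provider redirects back. The following is an added example, not code from the question or the answer, showing both halves in Python: joining a list of scopes into the scope parameter (space-delimited by default, comma-delimited as an option for providers such as Facebook, which goes slightly beyond the single-scope PHP example), generating an unguessable single-use state stored in a server-side session, and rejecting a callback whose state is missing or does not match. The endpoint, client_id, redirect_uri and the dict used as a session store are assumed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for this example (hypothetical placeholders, not real credentials).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
CLIENT_ID = "EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
REDIRECT_URI = "https://app.example.com/oauth2callback"


def new_state(session: dict) -> str:
    """Create an unguessable per-request state and keep it server-side.

    `session` stands in for a server-side session store (a plain dict here).
    """
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state
    return state


def build_authorization_url(session: dict, scopes: list, delimiter: str = " ") -> str:
    """Build the authorization request URL for the server-side (code) flow.

    `scopes` is the list of scope strings the provider documents. Most providers
    expect them space-delimited; Facebook uses commas, hence the parameter.
    """
    if not scopes:
        raise ValueError("at least one scope is required")
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": delimiter.join(scopes),
        "response_type": "code",
        "state": new_state(session),
    }
    # urlencode percent-encodes the scope URLs and turns a space delimiter into '+'.
    return AUTH_ENDPOINT + "?" + urlencode(params)


def parse_scope_param(url: str) -> list:
    """Recover the individual scopes from an authorization URL's scope parameter.

    Accepts both the space-delimited and the comma-delimited convention.
    """
    query = parse_qs(urlsplit(url).query)
    raw = query.get("scope", [""])[0]
    return [s for s in raw.replace(",", " ").split() if s]


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the state echoed back by the provider, then return the code.

    The stored state is consumed whether or not it matches, so each value can be
    used once; the comparison is constant-time.
    """
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise PermissionError("missing state: rejecting callback")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch (possible CSRF): rejecting callback")
    if "error" in query:
        raise RuntimeError("provider returned error: " + query["error"][0])
    if "code" not in query:
        raise RuntimeError("callback carries no authorization code")
    return query["code"][0]


if __name__ == "__main__":
    session = {}
    url = build_authorization_url(
        session,
        ["https://www.googleapis.com/auth/tasks", "https://docs.google.com/feeds"],
    )
    print(url)
    # Constructed callback, shaped like the provider's redirect after user consent.
    callback = REDIRECT_URI + "?" + urlencode(
        {"code": "constructed-code", "state": session["oauth_state"]}
    )
    print(handle_callback(session, callback))
```

The state is popped from the session before it is compared, so a replayed or mismatched callback also discards the pending value and the user has to start the authorization again; `hmac.compare_digest` avoids leaking how many leading characters of the state matched.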