What are scope values for an OAuth2 server?


Question

I'm facing a difficulty to understand how scopes work.

I found here a small text that describes the scopes of the Stack Exchange API, but I need more information on how they work (not specifically this one...). Can someone provide me a concept?

Thanks in advance

Answer

To authorize an app you need to call a URL for the OAuth2 authorization process. This URL is "living" in the API provider's documentation. For example Google has this URL:

https://accounts.google.com/o/auth2/auth

Also you will need to specify a few query parameters with this link:

  • client_id
  • redirect_uri
  • scope: The data your application is requesting access to. This is typically specified as a list of space-delimited strings, though Facebook uses comma-delimited strings. Valid values for the scope should be included in the API provider documentation. For Google Tasks, the scope is https://www.googleapis.com/auth/tasks. If an application also needed access to Google Docs, it would specify a scope value of https://www.googleapis.com/auth/tasks https://docs.google.com/feeds
  • response_type: code for the server-side web application flow, indicating that an authorization code will be returned to the application after the user approves the authorization request.
  • state: A unique value used by your application in order to prevent cross-site request forgery (CSRF) attacks on your implementation. The value should be a random unique string for this particular request, unguessable and kept secret in the client (perhaps in a server-side session)

<?php
// Start (or resume) the server-side session that will hold the 'state'.
session_start();

// Generate random value for use as the 'state'.  Mitigates
// risk of CSRF attacks when this value is verified against the
// value returned from the OAuth provider with the authorization
// code.  random_bytes() yields an unguessable value; rand() does not,
// so it must not be used here.
$_SESSION['state'] = bin2hex(random_bytes(16));

$authorizationUrlBase = 'https://accounts.google.com/o/oauth2/auth';
$redirectUriPath = '/oauth2callback.php';

// For example only.  A valid value for client_id needs to be obtained
// for your environment from the Google APIs Console at
// http://code.google.com/apis/console.
$queryParams = array(
  'client_id' => '240195362.apps.googleusercontent.com',
  'redirect_uri' => (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') .
                   $_SERVER['HTTP_HOST'] . $redirectUriPath,
  'scope' => 'https://www.googleapis.com/auth/tasks',
  'response_type' => 'code',
  'state' => $_SESSION['state'],
  'approval_prompt' => 'force', // always request user consent
  'access_type' => 'offline' // obtain a refresh token
);

// http_build_query() URL-encodes every parameter, including the
// space-delimited scope list.
$goToUrl = $authorizationUrlBase . '?' . http_build_query($queryParams);

// Output a webpage directing users to the $goToUrl after
// they click a "Let's Go" button
include 'access_request_template.php';

The set of query string parameters supported by the Google Authorization Server for web server applications are here:

https://developers.google.com/accounts/docs/OAuth2WebServer?hl=el#formingtheurl
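The answer above shows the authorization request being built in PHP. The following is an added example, not part of the original answer, that does the same two things a client has to get right in Python: assemble the authorization URL with a normalized scope list and an unguessable `state`, and then, on the redirect back, refuse the authorization code unless `state` matches the value stored for this request (the CSRF check the answer describes). The Google endpoint is the one the answer cites; `client-id-placeholder` and `https://app.example/oauth2callback` are constructed placeholders, and the `delimiter` parameter exists only because, as the answer notes, some providers (Facebook) use commas instead of spaces.

```python
"""Build an OAuth2 authorization URL (server-side 'code' flow) and validate
the provider's redirect.  Added example; client_id / redirect_uri values are
constructed placeholders, the endpoint is Google's from the answer."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"


def normalize_scopes(scopes):
    """Accept a list, or a space- or comma-delimited string, and return an
    ordered, de-duplicated list of scope strings."""
    if isinstance(scopes, str):
        scopes = scopes.replace(",", " ").split()
    result = []
    for scope in scopes:
        scope = scope.strip()
        if scope and scope not in result:
            result.append(scope)
    return result


def new_state():
    """Per-request, unguessable value.  The caller stores it server-side
    (e.g. in the user's session) until the callback arrives."""
    return secrets.token_urlsafe(32)


def build_authorization_url(client_id, redirect_uri, scopes, state,
                            auth_endpoint=AUTH_ENDPOINT, delimiter=" "):
    """Assemble the authorization request.  urlencode() percent-encodes each
    value, so the space-delimited scope list survives as one parameter."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": delimiter.join(normalize_scopes(scopes)),
        "response_type": "code",   # server-side web application flow
        "state": state,
    }
    return auth_endpoint + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Validate the redirect from the provider and return the authorization
    code.  The state comparison is constant-time and happens before the code
    is looked at; a mismatch means the request was not initiated by us."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise RuntimeError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF, code discarded")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


if __name__ == "__main__":
    state = new_state()
    url = build_authorization_url(
        "client-id-placeholder",                      # constructed
        "https://app.example/oauth2callback",          # constructed
        ["https://www.googleapis.com/auth/tasks",
         "https://docs.google.com/feeds"],
        state,
    )
    print(url)
    # Simulated redirect back from the provider (constructed):
    callback = "https://app.example/oauth2callback?state=%s&code=4%%2FxyZ" % state
    print(parse_callback(callback, state))
```

The state value should be looked up from the server-side session for the specific pending request and deleted once used, so that a replayed callback cannot pass the check a second time.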
