In Oauth2 where are the resources that the resource owner owns?


Problem description

I have been trying to understand OAuth2 from my question here.

Suppose I use my Facebook account to log in to a web site (say Stack Overflow) via OAuth2. I understand that I am the "resource owner" but which resources am I owning in this scenario?

My things in Facebook or my things in Stack Overflow?

From this Oauth for dummies article it would seem the resources are in Facebook, but from the answers to my question it would seem the resources are in Stack Overflow.

Are resources the same as scopes?

[Update]

Looking at the overview here

I learned that

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

The OpenID Connect protocol, in abstract, follows the following steps.

  1. The RP (Client) sends a request to the OpenID Provider (OP).
  2. The OP authenticates the End-User and obtains authorization.
  3. The OP responds with an ID Token and usually an Access Token.
  4. The RP can send a request with the Access Token to the UserInfo Endpoint.
  5. The UserInfo Endpoint returns Claims about the End-User.

Recommended answer

In the above scenario, you as the resource owner authorize access by Stack Overflow as the client application to your Facebook account as the owned resource.

The application's access to your Facebook account is limited to the scope of the authorized access.
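
The roles in the answer above, as an added example that is not part of the original question or answer: a toy in-memory authorization server and resource server (the Facebook stand-in) holding the owner's resources, and a client (the Stack Overflow stand-in) whose token only reaches what the owner approved. The user `alice`, the client id, the scope names and the sample data are all constructed for illustration.

```python
import secrets

# Constructed sample data: resources held by the resource server
# (the Facebook stand-in), keyed by resource owner.
RESOURCES = {
    "alice": {
        "profile": {"name": "Alice Example", "email": "alice@example.com"},
        "friends": ["bob", "carol"],
    }
}

# Scope needed to read each kind of resource (hypothetical scope names).
REQUIRED_SCOPE = {"profile": "profile:read", "friends": "friends:read"}

# Grants recorded by the authorization server, looked up by the resource server.
_TOKENS = {}


def authorize(owner, client_id, requested, approved_by_owner):
    """Authorization server: issue a token limited to what the owner approved."""
    granted = set(requested) & set(approved_by_owner)
    token = secrets.token_urlsafe(16)
    _TOKENS[token] = {"owner": owner, "client": client_id, "scopes": granted}
    return token


def get_resource(token, kind):
    """Resource server: check the token and its scope, return (status, body)."""
    grant = _TOKENS.get(token)
    if grant is None:
        return 401, "invalid_token"
    if kind not in REQUIRED_SCOPE:
        return 404, "unknown_resource"
    if REQUIRED_SCOPE[kind] not in grant["scopes"]:
        return 403, "insufficient_scope"
    return 200, RESOURCES[grant["owner"]][kind]


def demo():
    # The client asks for two scopes; the resource owner approves only one.
    token = authorize("alice", "stackoverflow-demo",
                      ["profile:read", "friends:read"], ["profile:read"])
    return get_resource(token, "profile"), get_resource(token, "friends")


if __name__ == "__main__":
    print(demo())
```

The resources never leave the resource server's store; the scope only names which of them the client's token may read.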
