OAuth2承载令牌是否已签名？ [英] Are OAuth2 bearer tokens signed?

问题描述

这可能是一个愚蠢或天真的问题，但是：OAuth2承载令牌是否已签名？

It may be a stupid or naive question, but: Are OAuth2 bearer tokens signed?

换句话说：消费者是否能够验证是否承载令牌是由特定的授权服务器发布的？

To put it in other words: Is the consumer able to verify whether the bearer token was issued by a specific authorization server?

推荐答案

否。但是我们正在努力解决此问题。 HTTPS可以确保安全地传输令牌，但不会告诉您是谁发行的令牌。

No. But there are efforts under way to fix this. HTTPS ensures the token was transmitted securely, but it doesn't tell you who issued the token.

这篇关于OAuth2承载令牌是否已签名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！