Google OAuth2.0是否支持资源所有者密码凭证流的OAuth流? [英] Does Google OAuth2.0 support an OAuth-flow for a Resource Owner Password Credential Flow?

查看:126
本文介绍了Google OAuth2.0是否支持资源所有者密码凭证流的OAuth流?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

你好,互联网的人.

Google OAuth2.0是否支持资源所有者密码凭证流的OAuth流? ...如果是这样,那么:

Does Google OAuth2.0 support an OAuth-flow for a Resource Owner Password Credential Flow? ...and if so, then:

A.)可以在Google OAuth2 Playground上测试这种OAuth流吗?

A.) can this type of OAuth flow be tested on the Google OAuth2 Playground?

B.)是否存在带有Google OAuth2.0和Google API的资源所有者密码凭证流"的示例?

B.) are there any examples of the "Resource Owner Password Credential Flow" with Google OAuth2.0 and the Google APIs?

根据最近在Oslo NDC 2013中的OAuth演示,该主题流程显然会一起跳过授权端点,并直接与OAuth2服务器的令牌端点进行对话.请求语法咒语应该看起来像这样:

Per an OAuth presentation recently in Oslo NDC 2013, this subject flow apparently skips the authorization end point all together and directly talks to the token end point of the OAuth2 server. The request syntax incantation would supposedly look something like this:

grant_type=password&
scope=resource&
user_name=owner&
password=password&

我的理解是,资源所有者密码凭证流适用于后端企业类型情况(可以安全地存储名称/密码对)中的受信任应用程序.

My understanding is the Resource Owner Password Credential Flow is for trusted applications in a back-end enterprise type of situations (where a name-password pair could be securely stored).

此特定的OAuth流将不需要最终用户同意交互(无需弹出浏览器以接受,然后获取返回的授权码等).在该主题流程中,访问和再次直接返回刷新令牌:没有最终用户交互(尽管在输入用户名密码之后).

This particular OAuth flow would require no end-user consent interaction (no pop-up of a browser to Accept, then get a returned authorization-code, etc). In this subject flow the access & refresh token are directly returned, again: with no end-user interaction (albeit after an entry of a username-password).

浏览Google OAuth文档(链接到Google OAuth2文档)不会似乎没有提及类似于资源密码凭证流"的任何内容,但不确定是否一定意味着Google明确不支持它.

Looking through the Google OAuth documentation ( link to Google OAuth2 docs ) there does not seem to be any mention of anything resembling Resource Password Credential Flow, but not sure that necessarily means it is explicitly not supported by Google.

任何帮助或建议,将不胜感激.

Any help or advice would be much appreciated.

预先感谢

推荐答案

据我所知,否.OAuth 2.0内容适用于Google帐户,Google对其进行了身份验证.

As far as I know, No. The OAuth 2.0 stuff is for Google accounts, for which Google does authentication.

这篇关于Google OAuth2.0是否支持资源所有者密码凭证流的OAuth流?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆