将代码交换为访问令牌时redirect_uri参数的用途 [英] Purpose of redirect_uri parameter when exchanging code for access token

问题描述

Oauth2的RFC指出，生成授权代码时指定的redirect_uri必须包含在将访问令牌交换代码的请求中.

The RFC for Oauth2 says the redirect_uri which was specified when generating the authorization code must be included in the request to exchanging the code for an access token.

从RFC:

4.1.3.访问令牌请求

4.1.3. Access Token Request

客户端通过发送令牌向令牌端点发出请求 以下参数使用"application/x-www-form-urlencoded" 格式，按照附录B格式，在HTTP中使用UTF-8字符编码 请求实体-正文:

The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body:

[...]

redirect_uri

redirect_uri

必需，如果"redirect_uri"参数包含在 4.1.1节中所述的授权请求及其 值必须相同.

REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.

https://tools.ietf.org/html/rfc6749#section -4.1.3

为什么将代码交换为访问令牌需要redirect_uri?这有什么好处?

Why is the redirect_uri required when exchanging the code for an access token? What benefit does this provide?

推荐答案

在 10.6.授权代码重定向URI操作:

https://tools.ietf.org/html/rfc6749#section-10.6

这篇关于将代码交换为访问令牌时redirect_uri参数的用途的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！