将代码交换为访问令牌时redirect_uri参数的用途 [英] Purpose of redirect_uri parameter when exchanging code for access token
问题描述
Oauth2的RFC指出,生成授权代码时指定的redirect_uri
必须包含在将访问令牌交换代码的请求中.
The RFC for Oauth2 says the redirect_uri
which was specified when generating the authorization code must be included in the request to exchanging the code for an access token.
从RFC:
4.1.3.访问令牌请求
4.1.3. Access Token Request
客户端通过发送令牌向令牌端点发出请求 以下参数使用"application/x-www-form-urlencoded" 格式,按照附录B格式,在HTTP中使用UTF-8字符编码 请求实体-正文:
The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body:
[...]
redirect_uri
redirect_uri
必需,如果"redirect_uri"参数包含在 4.1.1节中所述的授权请求及其 值必须相同.
REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.
https://tools.ietf.org/html/rfc6749#section -4.1.3
为什么将代码交换为访问令牌需要redirect_uri
?这有什么好处?
Why is the redirect_uri
required when exchanging the code for an access token? What benefit does this provide?
推荐答案
在 10.6.授权代码重定向URI操作:
https://tools.ietf.org/html/rfc6749#section-10.6
这篇关于将代码交换为访问令牌时redirect_uri参数的用途的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!