什么是访问令牌与访问令牌秘密和消费者密钥与消费者秘密 [英] What is the Access Token vs. Access Token Secret and Consumer Key vs. Consumer Secret

问题描述

我使用 Oauth 已有一段时间了，但从未完全确定这四个术语之间的区别(以及每个术语的功能).我经常看到(例如在 Twitter Public API 中)

I have been using Oauth for a while but have never been completely sure of the difference between these four terms (and the functionality of each). I frequently see (for instance in the Twitter Public API)

消费者密钥:

消费者秘密:

访问令牌:

和

访问令牌秘密:

field 但我从来不知道他们到底在做什么.我知道 Oauth 具有授权应用程序的能力(让它们代表用户行事)，但我不理解这四个授权条款之间的关系，希望得到解释.

field but I have never known exactly what they do. I know that Oauth has the ability to authorize apps (let them act on a user's behalf) but I do not understand the relationship between these four authorization terms and would love an explanation.

基本上，我不确定访问令牌或令牌秘密是如何生成的，它们存储在哪里，以及它们彼此之间或与消费者密钥和秘密有什么关系.

Basically, I am not sure how the access token or token secret are generated, where they are stored, and what relation they have to each other or to the consumer key and secret.

谢谢

推荐答案

Consumer key 是服务提供者(Twitter、Facebook 等)向消费者(提供想要访问用户在服务提供者上的资源).此密钥用于识别消费者.

Consumer key is the API key that a service provider (Twitter, Facebook, etc.) issues to a consumer (a service that wants to access a user's resources on the service provider). This key is what identifies the consumer.

消费者秘密是消费者密码"，与消费者密钥一起用于从服务提供商请求访问(即授权)用户资源.

Consumer secret is the consumer "password" that is used, along with the consumer key, to request access (i.e. authorization) to a user's resources from a service provider.

访问令牌是服务提供者在消费者完成授权后发给消费者的.该令牌定义了消费者对特定用户资源的访问权限.每次消费者想要从该服务提供者访问用户的数据时，消费者都会在向服务提供者发出的 API 请求中包含访问令牌.

Access token is what is issued to the consumer by the service provider once the consumer completes authorization. This token defines the access privileges of the consumer over a particular user's resources. Each time the consumer wants to access the user's data from that service provider, the consumer includes the access token in the API request to the service provider.

希望能解决这个问题.我建议浏览 oAuth 2.0 规范的开头部分.信息量很大.

Hope that clears it up. I would recommend skimming through the beginning of the oAuth 2.0 spec. It's really informative.

这篇关于什么是访问令牌与访问令牌秘密和消费者密钥与消费者秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！