OAuth 2.0 两条腿和三腿实现之间的区别 [英] Difference between OAuth 2.0 Two legged and Three legged implementation

问题描述

你能解释一下 OAuth 2.0 两条腿和三腿实现之间的区别吗?以及如何选择?哪些适合我?

Can you please explain me the Difference between OAuth 2.0 Two legged and Three legged implementation. And how to chose? Which ones for me?

推荐答案

首先，腿指的是所涉及的角色.典型的 OAuth 流程涉及三方:最终用户(或资源所有者)、客户端(第三方应用程序)和服务器(或授权服务器).因此，三足流程涉及所有三个.

First, the legs refer to the roles involved. A typical OAuth flow involves three parties: the end-user (or resource owner), the client (the third-party application), and the server (or authorization server). So a 3-legged flow involves all three.

术语 2-legged 用于描述没有最终用户参与的 OAuth 身份验证请求.基本上，它是一个简单的客户端 - 服务器身份验证请求，其中使用客户端凭据(标识符和机密)来计算请求签名，而不是以明文形式发送机密.

The term 2-legged is used to describe an OAuth-authenticated request without the end-user involved. Basically, it is a simple client-server authenticated request in which the client credentials (identifier and secret) are used to calculate a request signature instead of sending the secret in the clear.

在实现方面，2-legged 请求完全相同，但不包含访问令牌或访问令牌秘密.这两个值基本上都是空字符串.

Implementation wise, 2-legged request are exactly the same but don't include an access token or access token secret. These two values are basically empty strings.

这篇关于OAuth 2.0 两条腿和三腿实现之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！