OAuth 2.0 授权标头 [英] OAuth 2.0 Authorization Header

问题描述

我想开发一个封装了 OAuth 2.0 功能的 SDK.我已经检查了 OAuth 1.0 & 之间的差异.2.0，我对授权标题有些困惑(1.0和2.0)，OAuth 1.0 协议可以使用HTTP授权"传输参数.标头，但我在当前的 OAuth 2.0 草案中找不到这个描述.

I want to develop a SDK that encapsules the OAuth 2.0 functions. I have checked the differences between OAuth 1.0 & 2.0, and I have some confusion on Authorization Header (1.0 and 2.0), OAuth 1.0 protocol parameters can be transmitted using the HTTP "Authorization" header, but I can't find this described in current OAuth 2.0 draft.

OAuth 2.0 是否支持授权标头?

Does OAuth 2.0 supports authorization headers?

在 OAuth 1.0 中，您的标头如下所示:

In OAuth 1.0 your header would look like:

Authorization: OAuth realm="Example",
    oauth_consumer_key="0685bd9184jfhq22",
    oauth_token="ad180jjd733klru7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"

推荐答案

对于那些正在寻找如何在标头中传递 OAuth2 授权(访问令牌)的示例(而不是使用请求或正文参数)的人，请点击此处它是如何完成的:

For those looking for an example of how to pass the OAuth2 authorization (access token) in the header (as opposed to using a request or body parameter), here is how it's done:

Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42

这篇关于OAuth 2.0 授权标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！