Django Oauth Toolkit Application Settings
Question
Django Oauth Toolkit docs don't describe the redirect uris, authorization grant type, or client type fields when registering your application.
The tutorial says to set client type to confidential, grant type to password, and leave uris blank.
What do the other options do?
e.g. What is client type public vs confidential? What do the grant types password, credentials, authorization, implicit do? And what are the redirect uris for?
I have found sparse information about them but no actual explanations as they pertain to django rest framework and django oauth toolkit.
Accepted answer
Once you ... from here
But I'll try to answer your questions in brief:
I'll be using the words client and Resource Server frequently. In the Oauth2 protocol, client means the system which accesses resources, data or services. (It could be your mobile app or javascript app consuming REST APIs of your API backend (or Resource Server). If you have implemented Facebook login in your mobile/JS apps, chances are your API backend requests Facebook for the user's information. In that case your API backend is being a client and Facebook is the Resource Server.)
Client type:
Client type is either confidential or public depending on whether that client can keep its client_secret a secret. (For example, an AngularJS app cannot keep its client_secret hidden, since anyone can do "Inspect Element" in a browser and search for it, so such a client has to be registered as public.)
Authorization grant type:
There are four Authorization Grant Types in the Oauth2 protocol.
Authorization code:
In this grant type, the client requests an authorization code first, then exchanges that authorization code for an access token. It's a two-step procedure. Use this if the client is an outsider (more on it in Resource owner password based).
Implicit:
Usually used along with the public client_type. Instead of the two-step procedure above, the client gets the access token in one go.
Resource owner password based:
This is used when there is a high degree of trust between the client and the Resource Server. This is the case between your API backend and your mobile app. (There is a high degree of trust between your API backend and a Javascript app too, but since it cannot keep its client_secret a secret, you have to use the Implicit grant type with it.) Facebook or Google etc. will never give you this kind of Authorization Grant because, for them, your API backend is an outsider.
Client credentials:
It is the least commonly used. Please read about it in the above mentioned document.
Redirect URIs:
Now, as far as Redirect URIs are concerned, they are needed only in the Authorization Code or Implicit grant types (not sure about the Client Credentials one, somebody please enlighten me on this in the comments).
A Redirect URI is given so that the Resource Server knows where to send the access token. Imagine you are implementing Facebook login. In that case you will go to developers.facebook.com and register your application (like you did with django-oauth-toolkit), and while registering your application, you will specify a Redirect URI.
Specifying a Redirect URI is a way of saying "Hey Facebook, send the access token to this URI". So if you set the Redirect URI to something like https://your_domain_name.com/token/facebook/, Facebook will redirect to your specified Redirect URI at the end of the Oauth2 process and give the Access Token in the form of a GET parameter, like https://your_domain_name.com/token/facebook/?token=some_long_string&some=other_parameters.
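As an added example that is not part of the original post or of django-oauth-toolkit itself, the following pure-Python model encodes the rules the answer lays out (which client type is expected to present a secret, which grant types need a registered redirect URI) together with the exact-match redirect URI check a resource server should perform before sending a token anywhere. The Application class is a hypothetical stand-in for the three admin fields; the string constants mirror the Application model choices of django-oauth-toolkit as I know them.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# String values mirror django-oauth-toolkit's Application model choices.
CLIENT_CONFIDENTIAL, CLIENT_PUBLIC = "confidential", "public"
GRANT_AUTHORIZATION_CODE = "authorization-code"
GRANT_IMPLICIT = "implicit"
GRANT_PASSWORD = "password"
GRANT_CLIENT_CREDENTIALS = "client-credentials"

# Flows that end with the browser being redirected back, so a URI must be registered.
REDIRECT_GRANTS = {GRANT_AUTHORIZATION_CODE, GRANT_IMPLICIT}


@dataclass
class Application:
    """Hypothetical stand-in for the three fields the answer discusses (not DOT's model)."""
    client_type: str
    authorization_grant_type: str
    redirect_uris: str = ""  # space-separated list, as in DOT's admin form

    def allowed_uris(self):
        return self.redirect_uris.split()


def requires_client_secret(app):
    """Only a confidential client is expected to present its client_secret."""
    return app.client_type == CLIENT_CONFIDENTIAL


def registration_problems(app):
    """Configuration problems a registration form should reject, following the answer."""
    problems = []
    if app.authorization_grant_type in REDIRECT_GRANTS and not app.allowed_uris():
        problems.append("redirect URIs are required for this grant type")
    for uri in app.allowed_uris():
        parts = urlsplit(uri)
        # RFC 6749 section 3.1.2: the redirection URI must be absolute and fragment-free.
        if parts.scheme not in ("https", "http") or not parts.netloc:
            problems.append(f"redirect URI must be absolute: {uri}")
        if parts.fragment:
            problems.append(f"redirect URI must not contain a fragment: {uri}")
    return problems


def redirect_uri_allowed(app, requested):
    """Exact string comparison against the registered list: prefix or substring matching
    would let a request steer the token to a URI the app owner never registered."""
    return requested in app.allowed_uris()
```

The tutorial's confidential/password registration with blank URIs passes, while an implicit client with no URI is rejected before it can ever receive a token.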