Django Oauth Toolkit Application Settings


Question

Django Oauth Toolkit docs don't describe the redirect uris, authorization grant type, or client type fields when registering your application.

The tutorial says to set client type to confidential, grant type to password, and leave uris blank.

What do the other options do?

e.g. What is client type public vs confidential? What do the grant type password, credentials, authorization, implicit do? And what are the redirect uris for?

I have found sparse information about them but no actual explanations as they pertain to django rest framework and django oauth toolkit.

Answer

Once you … from here

But I'll try to answer your questions in brief:

I'll be using the words client and Resource Server frequently. In the Oauth2 protocol, client means the system which accesses resources, data or a service. (It could be your mobile app or JavaScript app consuming the REST APIs of your API backend (or Resource Server). If you have implemented Facebook login in your mobile/JS apps, chances are your API backend requests Facebook for the user's information. In that case your API backend is being a client and Facebook is the Resource Server.)

Client type:

Client type is either confidential or public depending on whether that client can keep its client_secret a secret. (For example, an AngularJS app cannot keep its client_secret hidden, since anyone can do "Inspect Element" in a browser and search for it, so such a client has to be registered as public.)

Authorization Grant Type:

There are four Authorization Grant Types in the Oauth2 protocol.

  1. Authorization Code:

In this grant type, the client requests an authorization code first, then exchanges that authorization code for an access token. It's a two-step procedure. Use this if the client is an outsider (more on it in Resource-owner password based).

  2. Implicit:

Usually used along with the public client_type. Instead of the two-step procedure above, the client gets an access token in one go.

  3. Resource-owner password based:

This is used when there is a high degree of trust between the client and the Resource Server. This is the case between your API backend and your mobile app. (There is a high degree of trust between your API backend and your JavaScript app too, but since it cannot keep its client_secret a secret, you have to use the Implicit grant type with it.) Facebook or Google etc. will never give you this kind of Authorization Grant because, for them, your API backend is an outsider.

  4. Client Credentials:

It is the least commonly used. Please read about it in the above-mentioned document.

Redirect URI:

Now, as far as Redirect URIs are concerned, they are needed only in the Authorization Code or Implicit grant types (not sure about the Client Credentials one, somebody please enlighten me on this in the comments). The Redirect URI is given so that the Resource Server knows where to send the access token. Imagine you are implementing Facebook login. In that case you will go to developers.facebook.com and register your application (like you did with django-oauth-toolkit), and while registering your application you will specify a Redirect URI.

Specifying a Redirect URI is a way of saying, "Hey Facebook, send the access token to this URI". So if you set the Redirect URI to something like https://your_domain_name.com/token/facebook/, Facebook will redirect to your specified Redirect URI at the end of the Oauth2 process and give the Access Token in the form of a GET parameter, like https://your_domain_name.com/token/facebook/?token=some_long_string&some=other_parameters.
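To make the three registration fields concrete, here is an added example (not code from the original answer or from django-oauth-toolkit itself) that models the checks an authorization server applies to them: the request's grant must match the one registered, a redirecting grant must present a redirect_uri that exactly matches a registered one, and a confidential client must prove it holds its client_secret at the token endpoint. The Application fields and the grant-type strings follow django-oauth-toolkit's naming; the two sample applications are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Application:
    client_id: str
    client_secret: str
    client_type: str               # "confidential" or "public"
    authorization_grant_type: str  # "authorization-code", "implicit", "password", "client-credentials"
    redirect_uris: str = ""        # space-separated list, as entered in DOT's admin form

# Grants that send the user's browser back to the client, so a redirect target is needed.
REDIRECT_GRANTS = {"authorization-code", "implicit"}

def check_authorize_request(app: Application, grant_type: str, redirect_uri: Optional[str]) -> str:
    """Checks made before the authorization page is shown. Returns 'ok' or the rejection reason."""
    if grant_type != app.authorization_grant_type:
        return "unauthorized_grant_type"
    if grant_type not in REDIRECT_GRANTS:
        return "ok"  # password / client-credentials never redirect
    registered = app.redirect_uris.split()
    if not registered:
        return "no_redirect_uri_registered"
    # Exact string comparison, never prefix matching: a registered https://app.example.com/cb
    # does not accept https://app.example.com/cb/../x, so a token cannot be sent elsewhere.
    if redirect_uri not in registered:
        return "mismatched_redirect_uri"
    return "ok"

def check_token_request(app: Application, grant_type: str, client_secret: Optional[str]) -> str:
    """Checks at the token endpoint. A confidential client must present its secret;
    a public client has no secret worth checking, so it is never asked for one."""
    if grant_type != app.authorization_grant_type:
        return "unauthorized_grant_type"
    if grant_type == "implicit":
        return "implicit_uses_no_token_endpoint"  # the token is issued on the redirect itself
    if app.client_type == "confidential":
        if client_secret is None or not hmac.compare_digest(client_secret, app.client_secret):
            return "invalid_client"
    return "ok"

# Constructed sample registrations: the tutorial's mobile/backend pairing and a browser app.
MOBILE_APP = Application("mobile", "s3cr3t", "confidential", "password")
SPA = Application("spa", "", "public", "implicit", "https://app.example.com/cb")

if __name__ == "__main__":
    print(check_authorize_request(SPA, "implicit", "https://app.example.com/cb/../x"))
    print(check_token_request(MOBILE_APP, "password", "s3cr3t"))
```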
