Django Oauth Toolkit Application Settings


Question





Django Oauth Toolkit docs don't describe the redirect uris, authorization grant type, or client type fields when registering your application.

The tutorial says to set client type to confidential, grant type to password, and leave uris blank.

What do the other options do?

e.g. What is client type public vs confidential? What do the grant type password, credentials, authorization, implicit do? And what are the redirect uris for?

I have found sparse information about them but no actual explanations as they pertain to django rest framework and django oauth toolkit.

Solution

You'll get answers to all your questions once you read about the OAuth2 protocol from here

But I'll try to answer your questions in brief:

I'll be using the words client and Resource Server frequently. In the OAuth2 protocol, client means the system that accesses resources, data or services. (It could be your mobile app or JavaScript app consuming the REST APIs of your API backend (or Resource Server). If you have implemented Facebook login in your mobile/JS apps, chances are your API backend requests the user's information from Facebook. In that case your API backend is acting as a client and Facebook is the Resource Server.)

Client Types:

Client type is either confidential or public depending on whether that client can keep its client_secret a secret. (For example, an AngularJS app cannot keep its client_secret hidden, since anyone can do "Inspect Element" in a browser and search for it, so such a client has to be registered as public.)

Authorization Grant Types:

There are four kinds of Authorization Grant Types in the OAuth2 protocol.

  1. Authorization Code:

    In this grant type, the client requests an authorization code first, then exchanges that authorization code for an access token. It's a two-step procedure. Use this if the client is an outsider (more on it in Resource-owner password based).

  2. Implicit:

    Usually used along with the public client_type. Instead of the two-step procedure above, the client gets the access token in one go.

  3. Resource-owner password based:

    This is used when there is a high degree of trust between the client and the Resource Server. This is the case between your API backend and your mobile app. (There is a high degree of trust between your API backend and your JavaScript app too, but since it cannot keep its client_secret a secret, you have to use the Implicit grant type with it.) Facebook or Google etc. will never give you this kind of Authorization Grant because, for them, your API backend is an outsider.

  4. Client Credentials:

    It is the least commonly used. Please read about it in the above-mentioned document.

Redirect URIs:

Now, as far as Redirect URIs are concerned, they are needed only in the Authorization Code or Implicit grant types (not sure about the Client Credentials one, somebody please enlighten me on this in the comments). The Redirect URI is given so that the Resource Server knows where to send the access token. Imagine you are implementing Facebook login. In that case you will go to developers.facebook.com and register your application (like you did with django-oauth-toolkit), and while registering your application you will specify a Redirect URI.

Specifying a Redirect URI is a way of saying, "Hey Facebook, send the access token to this URI". So if you set the Redirect URI to something like https://your_domain_name.com/token/facebook/, Facebook will redirect to your specified Redirect URI at the end of the OAuth2 process and give the Access Token in the form of a GET parameter, like https://your_domain_name.com/token/facebook/?token=some_long_string&some=other_parameters.
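As an added illustration (not code from django-oauth-toolkit, nor from the answer above), the pure-Python model below reproduces the three Application fields the question asks about and the checks an authorization server makes with them: `redirect_uris` is matched exactly on scheme, host and path at the authorize endpoint, and at registration it is required only for the authorization-code and implicit grants, which is the rule django-oauth-toolkit's `Application.clean()` enforces, so a client-credentials application needs none; `client_type` decides whether the token endpoint demands the `client_secret`; and `authorization_grant_type` pins each application to a single grant. The stored field values (`confidential`/`public`, `authorization-code`, `implicit`, `password`, `client-credentials`, and a space-separated `redirect_uris` string) are the ones django-oauth-toolkit uses. The hostnames `app.example` and `spa.example`, the user `alice`, and the `AuthorizationServer`, `outcome` and `demo` helpers are assumptions made for this example; `/o/authorize/` and `/o/token/` appear only in comments, as the paths the tutorial's URL configuration mounts.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

CONFIDENTIAL, PUBLIC = "confidential", "public"  # DOT client_type values
AUTH_CODE, IMPLICIT, PASSWORD, CLIENT_CREDENTIALS = (  # DOT authorization_grant_type values
    "authorization-code", "implicit", "password", "client-credentials")
TOKEN_GRANTS = {AUTH_CODE: {"authorization_code"}, IMPLICIT: set(),  # token-endpoint grant_type
                PASSWORD: {"password"}, CLIENT_CREDENTIALS: {"client_credentials"}}  # per registration


@dataclass
class Application:
    client_type: str
    authorization_grant_type: str
    redirect_uris: str = ""  # space-separated list, like the admin field
    client_id: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    client_secret: str = field(default_factory=lambda: secrets.token_urlsafe(32))

    def clean(self):
        """Redirect URIs are mandatory only for the redirect-based grants (the rule in DOT's clean())."""
        if not self.redirect_uris.split() and self.authorization_grant_type in (AUTH_CODE, IMPLICIT):
            raise ValueError(f"redirect_uris cannot be empty with grant_type {self.authorization_grant_type}")
        return self

    def redirect_uri_allowed(self, uri):
        """Exact scheme/host/path match; prefix matching would let the caller choose the target."""
        want = urlparse(uri)
        return any((a.scheme, a.netloc, a.path) == (want.scheme, want.netloc, want.path)
                   for a in map(urlparse, self.redirect_uris.split()))


class AuthorizationServer:
    def __init__(self, *apps):
        self.apps = {app.client_id: app.clean() for app in apps}
        self.codes = {}  # issued code -> (client_id, redirect_uri)
        self.users = {"alice": "correct horse battery staple"}  # constructed test user

    def authorize(self, client_id, response_type, redirect_uri):
        """/o/authorize/: returns the URL the browser is sent back to."""
        app = self.apps[client_id]
        if not app.redirect_uri_allowed(redirect_uri):
            raise PermissionError("Mismatching redirect URI.")
        if response_type == "code" and app.authorization_grant_type == AUTH_CODE:
            code = secrets.token_urlsafe(24)
            self.codes[code] = (client_id, redirect_uri)
            return f"{redirect_uri}?code={code}"  # only the short-lived code travels via the browser
        if response_type == "token" and app.authorization_grant_type == IMPLICIT:
            return f"{redirect_uri}#access_token={secrets.token_urlsafe(24)}&token_type=Bearer"
        raise PermissionError("unauthorized_client")

    def token(self, client_id, grant_type, client_secret=None, **params):
        """/o/token/: a confidential client must prove its secret; a public one is known by client_id only."""
        app = self.apps[client_id]
        if app.client_type == CONFIDENTIAL and not secrets.compare_digest(
                client_secret or "", app.client_secret):
            raise PermissionError("invalid_client")
        if grant_type not in TOKEN_GRANTS[app.authorization_grant_type]:
            raise PermissionError("unauthorized_client")  # registered for a different grant
        if grant_type == "authorization_code":
            issued = self.codes.pop(params["code"], None)  # single use
            if issued != (client_id, params["redirect_uri"]):
                raise PermissionError("invalid_grant")
        elif grant_type == "password":
            if self.users.get(params["username"]) != params["password"]:
                raise PermissionError("invalid_grant")
        elif grant_type == "client_credentials" and app.client_type != CONFIDENTIAL:
            raise PermissionError("invalid_client")  # RFC 6749 section 4.4: confidential clients only
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def outcome(fn, *args, **kwargs):
    try:
        fn(*args, **kwargs)
        return "ok"
    except (PermissionError, ValueError) as exc:
        return str(exc)  # the OAuth2 error the server would report


def demo():
    cb = "https://app.example/callback/"  # assumed hostnames throughout
    web = Application(CONFIDENTIAL, AUTH_CODE, cb)
    spa = Application(PUBLIC, IMPLICIT, "https://spa.example/cb")
    mobile = Application(CONFIDENTIAL, PASSWORD)  # the tutorial's settings, no redirect URI
    srv = AuthorizationServer(web, spa, mobile)
    code = srv.authorize(web.client_id, "code", cb).rsplit("code=", 1)[1]
    xchg = dict(code=code, redirect_uri=cb)
    creds = dict(username="alice", password="correct horse battery staple")
    return {
        "evil_redirect": outcome(srv.authorize, web.client_id, "code", cb + "../evil"),
        "code_exchange": outcome(srv.token, web.client_id, "authorization_code", web.client_secret, **xchg),
        "code_reuse": outcome(srv.token, web.client_id, "authorization_code", web.client_secret, **xchg),
        "implicit": srv.authorize(spa.client_id, "token", "https://spa.example/cb").split("#")[0],
        "password": outcome(srv.token, mobile.client_id, "password", mobile.client_secret, **creds),
        "password_no_secret": outcome(srv.token, mobile.client_id, "password", None, **creds),
        "grant_mismatch": outcome(srv.token, mobile.client_id, "client_credentials", mobile.client_secret),
        "cc_without_uri": outcome(Application(CONFIDENTIAL, CLIENT_CREDENTIALS).clean),
        "code_without_uri": outcome(Application(CONFIDENTIAL, AUTH_CODE).clean),
    }
```

`demo()` returns a map from each scenario to `ok` or the error string the server would answer with. Two details matter when you register real applications: because matching is exact, `https://example.com/cb` and `https://example.com/cb/` are different URIs and both must be listed if both are used; and in the authorization-code grant the only thing that reaches the redirect URI is the short-lived code, the token itself being fetched from the token endpoint together with the client secret, whereas the implicit grant places the token in the URL fragment. Newer django-oauth-toolkit releases also implement PKCE (RFC 7636) for the authorization-code grant, which this example leaves out.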
