Django Oauth Toolkit Application Settings
Django Oauth Toolkit docs don't describe the redirect uris, authorization grant type, or client type fields when registering your application.
The tutorial says to set client type to confidential, grant type to password, and leave uris blank.
What do the other options do?
e.g. What is client type public vs confidential? What do the grant type password, credentials, authorization, implicit do? And what are the redirect uris for?
I have found sparse information about them but no actual explanations as they pertain to django rest framework and django oauth toolkit.
You'll get answers to all your questions once you read about the OAuth2 protocol from here.
But I'll try to answer your questions in brief:

I'll be using the words client and Resource Server frequently. In the OAuth2 protocol, client means the system which accesses resources, data or services. (It could be your mobile app or JavaScript app consuming the REST APIs of your API backend (or Resource Server). If you have implemented Facebook login in your mobile/JS apps, chances are your API backend requests Facebook for the user's information. In that case your API backend is being a client and Facebook is the Resource Server.)

Client Types:
Client type is either confidential or public, depending on whether that client can keep its client_secret a secret. (For example, an AngularJS app cannot keep its client_secret hidden, since anyone can do "Inspect Element" in a browser and search for it, so such a client has to be registered as public.)

Authorization Grant Types:
There are four kinds of Authorization Grant Types in the OAuth2 protocol.
- Authorization Code: In this grant type, the client requests an authorization code first, then exchanges that authorization code for an access token. It's a two-step procedure. Use this if the client is an outsider (more on it in Resource-owner password based).
- Implicit: Usually used along with the public client_type. Instead of the two-step procedure above, the client gets the access token in one go.
- Resource-owner password based: This is used when there is a high degree of trust between the client and the Resource Server. This is the case between your API backend and your mobile app. (There is a high degree of trust between your API backend and a JavaScript app too, but since it cannot keep its client_secret a secret, you have to use the Implicit grant type with it.) Facebook or Google etc. will never give you this kind of Authorization Grant because, for them, your API backend is an outsider.
- Client Credentials: It is least commonly used. Please read about it in the above mentioned document.

Redirect URIs:
Now, as far as Redirect URIs are concerned, they are needed only in the Authorization Code or Implicit grant types (not sure about the Client Credentials one, somebody please enlighten me on this in the comments).
A Redirect URI is given so that the Resource Server knows where to send the access token. Imagine you are implementing Facebook login. In that case you will go to developers.facebook.com and register your application (like you did with django-oauth-toolkit); while registering your application, you will specify a Redirect URI.
Specifying a Redirect URI is a way of saying "Hey Facebook, send the access token to this URI". So if you set the Redirect URI to something like https://your_domain_name.com/token/facebook/, Facebook will redirect to your specified Redirect URI at the end of the OAuth2 process and give the Access Token in the form of a GET parameter, like https://your_domain_name.com/token/facebook/?token=some_long_string&some=other_parameters.
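As an added example (not code from the question, the answer, or django-oauth-toolkit itself), here is a plain-Python model of the three settings the answer walks through: the choice values are assumed to mirror django-oauth-toolkit's Application model, the redirect-URI check is a simplified exact match, and the callback parser follows the answer's example URL.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Choice values assumed to mirror django-oauth-toolkit's Application model (no Django import here).
CONFIDENTIAL, PUBLIC = "confidential", "public"
AUTHORIZATION_CODE, IMPLICIT, PASSWORD, CLIENT_CREDENTIALS = (
    "authorization-code", "implicit", "password", "client-credentials")
# RFC 6749 grant_type values sent on the wire differ from the model's hyphenated choices.
WIRE_GRANT = {AUTHORIZATION_CODE: "authorization_code", PASSWORD: "password",
              CLIENT_CREDENTIALS: "client_credentials"}


@dataclass
class Application:
    client_id: str
    client_secret: str
    client_type: str
    authorization_grant_type: str
    redirect_uris: str = ""  # whitespace-separated, as typed into the admin form

    def redirect_uri_allowed(self, uri: str) -> bool:
        """Exact match against the registered list. Anything looser (prefix or
        domain match) would let a crafted callback receive the code or token."""
        return uri in self.redirect_uris.split()


def needs_redirect_uri(app: Application) -> bool:
    """Only the browser-redirect grants deliver their result to a URI."""
    return app.authorization_grant_type in (AUTHORIZATION_CODE, IMPLICIT)


def token_request(app: Application, **creds) -> dict:
    """Body a client POSTs to the token endpoint. Only a confidential client
    includes its secret; the password grant adds the resource owner's login."""
    body = {"grant_type": WIRE_GRANT[app.authorization_grant_type], "client_id": app.client_id}
    if app.client_type == CONFIDENTIAL:
        body["client_secret"] = app.client_secret
    if app.authorization_grant_type == PASSWORD:
        body.update(username=creds["username"], password=creds["password"])
    return body


def token_from_callback(app: Application, url: str) -> Optional[str]:
    """Take the token out of a callback like the answer's example URL, but only
    when the URI (minus its query string) is one the application registered."""
    parts = urlparse(url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if not app.redirect_uri_allowed(base):
        return None
    return parse_qs(parts.query).get("token", [None])[0]
```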