雅虎和MS是否支持Oauth 2.0?以及关于oAuth 2.0的几个问题 [英] Does Yahoo and MS support Oauth 2.0? and few questions about oAuth 2.0
问题描述
我有几个问题...
- yahoo和microsoft api是否支持
oAuth 2.0? - 如果是,那么在从
oAuth 1.0转换到oAuth 2.0时,应该有
的主要
安全措施。$ / b $ b - Google API支持oAuth 2.0。但是
他们仍然将其标记为
实验。我开始在谷歌上注册一个
应用程序(对于oAuth $而言),我认为开始
转换是件好事,即使它是
实验性的吗? b $ b 2.0),他们要求回拨网址。如果单个应用程序使用
条件相关的回调url
,例如 -
$ b
if($ myVar == NULL)$ callbackUrl ='http: //www.mydomain.com/test.php?m=f¶ms=null'
else $ callbackUrl ='http://www.mydomain.com/test.php?m=x¶ms=1 '
当回调url已经被指定时,以上条件主要处理应用程序的回退模型或者如果浏览器支持java然后基于java的应用程序模型。请提出建议
- 我可以知道有多少电子邮件
提供网站和社交
网络支持oAuth 2.0? li>
<1>雅虎目前还不支持OAuth2,只有Oauth 1.
Microsoft支持OAuth2。 http://msdn.microsoft.com/zh-cn/library/hh243647.aspx 2)Oauth 2更简单,因为它使用SSL(HTTPS)来提供传输安全性,所以不需要签名和令牌机密。当您切换时,您需要重新实施您的OAuth流程。我想不出任何特别适用于从OAuth1升级到OAuth2的特定安全措施,但该规范详细介绍了第10节(适用于客户的部分为10.3,10.4,10.5,10.6,10.8和10.9)。
<3> OAuth2规范尚未最终确定,并可能发生变化。您可以开始使用Google实现您的OAuth2流程,但请记住可能名称或参数要求,端点等可能会更改,您的应用程序将中断/您需要进行更改在未来。 [实验功能]可以随时更改(甚至可以删除)。在关键的生产环境中使用实验性(或测试版)软件可能是一个糟糕的主意。
此外,并非所有Google服务都支持OAuth2。例如。如果您想使用OAuth来访问Gmail,您必须先使用OAuth1。
$ b 4)在 API控制台,您可以为您的OAuth2应用程序指定多个回调网址,每行一个。另一种方法是在浏览器会话/ cookie中存储'm'和'params'参数,并在授权完成后重定向到正确的页面。
支持(一些版本)OAuth2:Facebook,Microsoft / Live,Google(上述例外情况),Foursquare,GitHub,Gowalla,GeoLoqi,Salesforce。
仅支持OAuth1:Yahoo,Flickr, Twitter 。
来源。
i have several questions...
- Does yahoo and microsoft api support oAuth 2.0?
- If yes then what are the main security measures those should be taken care of while shifting from oAuth 1.0 to oAuth 2.0.
- Google API supports oAuth 2.0. But they have still marked it as an experimental. Is it good to start shifting even though it is experimental?
I see while registering an application on google (for oAuth 2.0), they ask for callback url. If a single application uses a condition dependent callback url such as -
if($myVar == NULL) $callbackUrl = 'http://www.mydomain.com/test.php?m=f¶ms=null' else $callbackUrl = 'http://www.mydomain.com/test.php?m=x¶ms=1'
How can i implement above when the callback url is already specified? The above conditional mainly handles fallback model of an application or if browser supports java then java based model of an application. Kindly suggest
- May i know how many of email providing websites and social networks supports oAuth 2.0?
1) Yahoo does not support OAuth2 yet, only Oauth 1.
Microsoft does support OAuth2. http://msdn.microsoft.com/en-us/library/hh243647.aspx
2) Oauth 2 is simpler since it uses SSL (HTTPS) to provide transport security, so the signatures and token-secrets are not needed. When you switch you will need to re-implement your OAuth flow. I can't think of any specific security measures specifically applicable to upgrading from OAuth1 to OAuth2, but the spec details some security considerations in section 10 (The parts applicable to clients are 10.3, 10.4, 10.5, 10.6, 10.8 and 10.9).
3) The OAuth2 specification is still not finalized, and may change. You could begin to implement your OAuth2 flow with Google, but bear in mind that it is possible that names or requirements of parameters, endpoints etc. could change and your application will break / you will need to make changes in future. [Experimental Features] could change (or even be removed) at any time. It is probably a bad idea to use experimental (or beta) software in a critical production environment.
Also, not all Google services support OAuth2 at the moment. eg. If you want to use OAuth for IMAP access to Gmail you will have to use OAuth1 for now.
4) In the API Console, you can specify multiple callback URLs for your OAuth2 application, one per line. An alternative would be to store your 'm' and 'params' parameters in a browser session / cookie and do the redirect to the correct page once authorization is complete.
Support (some revision of) OAuth2: Facebook, Microsoft/Live, Google (with exceptions described above), Foursquare, GitHub, Gowalla, GeoLoqi, Salesforce.
Support OAuth1 Only: Yahoo, Flickr, Twitter.
Source.
这篇关于雅虎和MS是否支持Oauth 2.0?以及关于oAuth 2.0的几个问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
