https://tools.ietf.org/html/rfc6750

1.2. Terminology


   Bearer Token

      A security token with the property that any party in possession of

      the token (a "bearer") can use the token in any way that any other

      party in possession of it can.  Using a bearer token does not

      require a bearer to prove possession of cryptographic key material

      (proof-of-possession).

   All other terms are as defined in "The OAuth 2.0 Authorization

   Framework" [RFC6749].

1.3. Overview


   OAuth provides a method for clients to access a protected resource on

   behalf of a resource owner.  In the general case, before a client can

   access a protected resource, it must first obtain an authorization

   grant from the resource owner and then exchange the authorization

   grant for an access token.  The access token represents the grant's

   scope, duration, and other attributes granted by the authorization

   grant.  The client accesses the protected resource by presenting the

   access token to the resource server.  In some cases, a client can

   directly present its own credentials to an authorization server to

   obtain an access token without having to first obtain an

   authorization grant from a resource owner.

   The access token provides an abstraction, replacing different

   authorization constructs (e.g., username and password, assertion) for

   a single token understood by the resource server.  This abstraction

   enables issuing access tokens valid for a short time period, as well

   as removing the resource server's need to understand a wide range of

   authentication schemes.
     +--------+                               +---------------+

     |        |--(A)- Authorization Request ->|   Resource    |

     |        |                               |     Owner     |

     |        |<-(B)-- Authorization Grant ---|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(C)-- Authorization Grant -->| Authorization |

     | Client |                               |     Server    |

     |        |<-(D)----- Access Token -------|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(E)----- Access Token ------>|    Resource   |

     |        |                               |     Server    |

     |        |<-(F)--- Protected Resource ---|               |

     +--------+                               +---------------+

                     Figure 1: Abstract Protocol Flow

   The abstract OAuth 2.0 flow illustrated in Figure 1 describes the

   interaction between the client, resource owner, authorization server,

   and resource server (described in [RFC6749]).  The following two

   steps are specified within this document:

   (E)  The client requests the protected resource from the resource

        server and authenticates by presenting the access token.

   (F)  The resource server validates the access token, and if valid,

        serves the request.

   This document also imposes semantic requirements upon the access

   token returned in step (D).

The OAuth 2.0 Authorization Framework: Bearer Token Usage的更多相关文章

  1. OAuth 2.0 Authorization Framework RFC

    Internet Engineering Task Force (IETF) D. Hardt, Ed.Request for Comments: 6749 MicrosoftObsoletes: 5 ...

  2. The OAuth 2.0 Authorization Framework

      The OAuth 2.0 Authorization Framework Abstract The OAuth 2.0 authorization framework enables a thi ...

  3. The OAuth 2.0 Authorization Framework OAuth2.0的核心角色code 扫码登录

    RFC 6749 - The OAuth 2.0 Authorization Framework https://tools.ietf.org/html/rfc6749 The OAuth 2.0 a ...

  4. The OAuth 2.0 Authorization Framework-摘自https://tools.ietf.org/html/rfc6749

                                                                                  Internet Engineering T ...

  5. OAuth 2.0: Bearer Token Usage

    Bearer Token (RFC 6750) 用于HTTP请求授权访问OAuth 2.0资源,任何Bearer持有者都可以无差别地用它来访问相关的资源,而无需证明持有加密key.一个Bearer代表 ...

  6. ASP.NET WebApi OWIN 实现 OAuth 2.0(自定义获取 Token)

    相关文章:ASP.NET WebApi OWIN 实现 OAuth 2.0 之前的项目实现,Token 放在请求头的 Headers 里面,类似于这样: Accept: application/jso ...

  7. [转]OAuth 2.0 - Authorization Code授权方式详解

    本文转自:http://www.cnblogs.com/highend/archive/2012/07/06/oautn2_authorization_code.html I:OAuth 2.0 开发 ...

  8. OAuth 2.0 - Authorization Code授权方式详解

    I:OAuth 2.0 开发前期准备 天上不会自然掉馅饼让你轻松地去访问到人家资源服务器里面的用户数据资源,所以你需要做的前期开发准备工作就是把AppKey, AppSecret取到手 新浪获取传送门 ...

  9. OWIN OAuth 2.0 Authorization Server

    http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server The assumption ...

随机推荐

  1. golang函数学习笔记

    golang函数特点: a.不支持重载,一个包不能有两个名字一样的函数 b.函数是一等公民,函数也是一种类型,一个函数可以赋值给变量 c.匿名函数 d.多返回值   例子1 func add(a, b ...

  2. Linux系统性能调优之性能分析

    1.Linux性能分析的目的1)找出系统性能瓶颈(包括硬件瓶颈和软件瓶颈):2)提供性能优化的方案(升级硬件?改进系统系统结构?):3)达到合理的硬件和软件配置:4)使系统资源使用达到最大的平衡.(一 ...

  3. python学习笔记(十一)redis的介绍及安装

    一.redis简介 1.redis是一个开源的.使用C语言编写的.支持网络交互的.可基于内存也可持久化的Key-Value数据库.       2.redis的官网地址,非常好记,是redis.io. ...

  4. #运算符、不同的指针类型、数组和指针、指针运算、堆、栈、静态区、只读区、下标VS指针

    #运算符:用于在预编译期将宏参数转换为字符串 #define CONVERS(x)  #x   //注:没用双引号包括. 不同类型的指针占用的内存空间大小相同. 局部变量 定义: a[5]; 打印a[ ...

  5. Wilcoxon符号秩+秩和检验学习[转载]

    参数检验就是已知数据的精确分布模型,根据数据来求出模型中的未知参数:而非参数检验就是无需对样本总体分布(比如满足正态分布)做出假设. 1.符号检验 转自:https://baike.baidu.com ...

  6. 如何用meavn构建mahout项目

    (1)下载meavn  解压到D盘

  7. 最新zencart支付宝插件(支持1.5)

    最新zencart支付宝插件(支持1.5) 最新zencart支付宝插件(支持1.5)   支付宝接口的兼容性真不错,时至今日还能用,想利用zencart来做国内时长还真是方便多了,朋友们可以试试. ...

  8. Font: a C++ class

    Font: a C++ class        This class is used in Fractal Generator.    Avi Examples The header fileFon ...

  9. 27TCP

    TCP通信流程步骤: 服务端: 等待(被动)接收发送 1: 创建 socket:  socket() 2: 绑定端口:      bind() 3: 监听端口:      listen() 4: 接受 ...

  10. JAVA中hashmap的分析

    从http://blog.csdn.net/luanlouis/article/details/41576373?utm_source=tuicool&utm_medium=referral学 ...