https://tools.ietf.org/html/rfc6750

1.2. Terminology


   Bearer Token

      A security token with the property that any party in possession of

      the token (a "bearer") can use the token in any way that any other

      party in possession of it can.  Using a bearer token does not

      require a bearer to prove possession of cryptographic key material

      (proof-of-possession).

   All other terms are as defined in "The OAuth 2.0 Authorization

   Framework" [RFC6749].

1.3. Overview


   OAuth provides a method for clients to access a protected resource on

   behalf of a resource owner.  In the general case, before a client can

   access a protected resource, it must first obtain an authorization

   grant from the resource owner and then exchange the authorization

   grant for an access token.  The access token represents the grant's

   scope, duration, and other attributes granted by the authorization

   grant.  The client accesses the protected resource by presenting the

   access token to the resource server.  In some cases, a client can

   directly present its own credentials to an authorization server to

   obtain an access token without having to first obtain an

   authorization grant from a resource owner.

   The access token provides an abstraction, replacing different

   authorization constructs (e.g., username and password, assertion) for

   a single token understood by the resource server.  This abstraction

   enables issuing access tokens valid for a short time period, as well

   as removing the resource server's need to understand a wide range of

   authentication schemes.
     +--------+                               +---------------+

     |        |--(A)- Authorization Request ->|   Resource    |

     |        |                               |     Owner     |

     |        |<-(B)-- Authorization Grant ---|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(C)-- Authorization Grant -->| Authorization |

     | Client |                               |     Server    |

     |        |<-(D)----- Access Token -------|               |

     |        |                               +---------------+

     |        |

     |        |                               +---------------+

     |        |--(E)----- Access Token ------>|    Resource   |

     |        |                               |     Server    |

     |        |<-(F)--- Protected Resource ---|               |

     +--------+                               +---------------+

                     Figure 1: Abstract Protocol Flow

   The abstract OAuth 2.0 flow illustrated in Figure 1 describes the

   interaction between the client, resource owner, authorization server,

   and resource server (described in [RFC6749]).  The following two

   steps are specified within this document:

   (E)  The client requests the protected resource from the resource

        server and authenticates by presenting the access token.

   (F)  The resource server validates the access token, and if valid,

        serves the request.

   This document also imposes semantic requirements upon the access

   token returned in step (D).

The OAuth 2.0 Authorization Framework: Bearer Token Usage的更多相关文章

  1. OAuth 2.0 Authorization Framework RFC

    Internet Engineering Task Force (IETF) D. Hardt, Ed.Request for Comments: 6749 MicrosoftObsoletes: 5 ...

  2. The OAuth 2.0 Authorization Framework

      The OAuth 2.0 Authorization Framework Abstract The OAuth 2.0 authorization framework enables a thi ...

  3. The OAuth 2.0 Authorization Framework OAuth2.0的核心角色code 扫码登录

    RFC 6749 - The OAuth 2.0 Authorization Framework https://tools.ietf.org/html/rfc6749 The OAuth 2.0 a ...

  4. The OAuth 2.0 Authorization Framework-摘自https://tools.ietf.org/html/rfc6749

                                                                                  Internet Engineering T ...

  5. OAuth 2.0: Bearer Token Usage

    Bearer Token (RFC 6750) 用于HTTP请求授权访问OAuth 2.0资源,任何Bearer持有者都可以无差别地用它来访问相关的资源,而无需证明持有加密key.一个Bearer代表 ...

  6. ASP.NET WebApi OWIN 实现 OAuth 2.0(自定义获取 Token)

    相关文章:ASP.NET WebApi OWIN 实现 OAuth 2.0 之前的项目实现,Token 放在请求头的 Headers 里面,类似于这样: Accept: application/jso ...

  7. [转]OAuth 2.0 - Authorization Code授权方式详解

    本文转自:http://www.cnblogs.com/highend/archive/2012/07/06/oautn2_authorization_code.html I:OAuth 2.0 开发 ...

  8. OAuth 2.0 - Authorization Code授权方式详解

    I:OAuth 2.0 开发前期准备 天上不会自然掉馅饼让你轻松地去访问到人家资源服务器里面的用户数据资源,所以你需要做的前期开发准备工作就是把AppKey, AppSecret取到手 新浪获取传送门 ...

  9. OWIN OAuth 2.0 Authorization Server

    http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server The assumption ...

随机推荐

  1. 2017-2018-2 20165330实验二《Java面向对象程序设计》实验报告

    实验内容 初步掌握单元测试和TDD 理解并掌握面向对象三要素:封装.继承.多态 初步掌握UML建模 熟悉S.O.L.I.D原则 了解设计模式 实验步骤 (一)单元测试 三种代码 伪代码:从意图层面来解 ...

  2. selector.select(500); EventLoop及事件循环机制 netty 在半透明做代理网关下 对请求的批处理

    Netty框架学习之路(五)—— EventLoop及事件循环机制 - 懋懋之为 - CSDN博客 https://blog.csdn.net/tjreal/article/details/79751 ...

  3. MetaClass

    它的作用主要是 指定由谁来创建类,默认是type #python3 class Foo(metaclass=MyType): pass #python2 class Foo(object): __me ...

  4. JPA 入门程序及相关注解

    1. 概述 JPA(Java Persistence API):用于对象持久化的API; JPA本质上是一种ORM规范,不是ORM框架;提供了一些编程的API接口; Hibernate是实现; 1.1 ...

  5. squee_spoon and his Cube VI---郑大校赛(求最长子串)

    市面上最常见的魔方,是三阶魔方,英文名为Rubik's Cube,以魔方的发明者鲁比克教授的名字命名.另外,二阶魔方叫Pocket Cube,它只有2*2*2个角块,通常也就比较小:四阶魔方叫Reve ...

  6. Keywords Search---hdu2222(AC自动机 模板)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=2222 一个常见的例子就是给出n个单词,再给出一段包含m个字符的文章,让你找出有多少个单词在文章里出现过 ...

  7. Windows使用中的一些小技巧

    1.网站保存在桌面 在桌面新建一个快捷方式,然后输入网址即可.

  8. 对BeforeSuite和BeforeTest的理解

    在BeforeSuite.BeforeTest.BeforeClass.BeforeMethod及BeforeGroups中,后面三个注解都比较好理解,其实BeforeSuite.BeforeTest ...

  9. 015-HQL中级5-hive创建索引

    索引是hive0.7之后才有的功能,创建索引需要评估其合理性,因为创建索引也是要磁盘空间,维护起来也是需要代价的 创建索引 hive> create index [index_studentid ...

  10. java-mybaits-00502-案例-映射分析-一对一、一对多、多对多

    1.一对一查询[类属性即可,association ] 案例:查询所有订单信息,关联查询下单用户信息.   注意:因为一个订单信息只会是一个人下的订单,所以从查询订单信息出发关联查询用户信息为一对一查 ...