The OAuth 2.0 Authorization Framework
传统身份验证问题:
- 需要存储密码
- 服务器需要支持密码验证
- 回收权限比较复杂
1.1. Roles resource owner resource server client authorization server
1.2. Protocol Flow 1.3. Authorization Grant 1.4. Access Token 1.5. Refresh Token 1.6. TLS Version 1.7. HTTP Redirections 1.8. Interoperability 1.9. Notational Conventions
2.Client Registration 2.1. Client Types
confidential public
web application user-agent-based application native application
2.2. Client Identifier 2.3. Client Authentication 2.3.1. Client Password 2.3.2. Other Authentication Methods 2.4. Unregistered Clients
3.Protocol Endpoints 3.1.Authorization Endpoint 3.1.1. Response Type 3.1.2. Redirection Endpoint 3.1.2.1. Endpoint Request Confidentiality 3.1.2.2. Registration Requirements 3.1.2.3. Dynamic Configuration 3.1.2.4. Invalid Endpoint 3.1.2.5. Endpoint Content 3.2. Token Endpoint 3.2.1. Client Authentication 3.3. Access Token Scope
- Obtaining Authorization 4.1. Authorization Code Grant 4.1.1. Authorization Request 4.1.2. Authorization Response 4.1.2.1. Error Response 4.1.3. Access Token Request 4.1.4. Access Token Response 4.2. Implicit Grant 4.2.1. Authorization Request 4.2.2. Access Token Response 4.2.2.1. Error Response 4.3. Resource Owner Password Credentials Grant 4.3.1. Authorization Request and Response 4.3.2. Access Token Request 4.3.3. Access Token Response 4.4. Client Credentials Grant 4.4.1. Authorization Request and Response 4.4.2. Access Token Request 4.4.3. Access Token Response 4.5. Extension Grants
- Issuing an Access Token 5.1. Successful Response 5.2. Error Response
- Refreshing an Access Token
- Accessing Protected Resources 7.1. Access Token Types 7.2. Error Response 8.Extensibility 8.1. Defining Access Token Types 8.2. Defining New Endpoint Parameters 8.3. Defining New Authorization Grant Types 8.4. Defining New Authorization Endpoint Response Types 8.5. Defining Additional Error Codes
9.Native Applications