How generic REST client can use OAuth access tokens while making requests to Resource Server?

We are implementing a generic REST client wherein we want to support OAuth 2.0. For now we are thinking of allowing users to define an access token (no matter where they bought it from) while configuring the client, which the REST client will use while making requests.

Is it possible? I have a couple of questions:

  1. Is the way a client gets an access token from the authorization server a standard?
  2. Is the client registered with the auth server while requesting access_token, and can't the same access token be used by other clients?
  3. Is SSL or TLS mandatory?
  4. Is the way the client sends the access token to the Resource server (while making a resource request) a standard? Do all Resource providers (Facebook, LinkedIn, Salesforce, Google) support access_token sent in an HTTP header or in a query parameter?
  5. Is sending the access token to the resource server standardized, i.e. we need not encrypt or use any third-party lib for this?

I would suggest you read the spec here. Every library implementation uses this standard; you can use whatever method to generate your keys and authorizations etc., but if you conform to those interfaces then you should be fine.
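As an added example (not part of the original question or answer), this is one way a generic client could attach a user-configured token using the `Authorization: Bearer` header defined in RFC 6750, while refusing the two transports that leak tokens: plain HTTP and the URL query string. The function names, the host `api.example.test` and the token value are assumptions constructed for illustration.

```python
import re
import urllib.request
from urllib.parse import urlsplit, parse_qsl

# b64token syntax that RFC 6750 section 2.1 allows after "Bearer ".
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def build_request(url, access_token, method="GET", body=None):
    """Return a urllib Request carrying the token as 'Authorization: Bearer'.

    Hypothetical helper: it only builds the request, nothing is sent.
    """
    parts = urlsplit(url)
    # A bearer token works for whoever holds it, so it must never travel in clear text.
    if parts.scheme != "https":
        raise ValueError("bearer tokens must only be sent over TLS (https)")
    # Tokens in the query string end up in server logs, proxies and Referer headers.
    if any(key == "access_token" for key, _ in parse_qsl(parts.query)):
        raise ValueError("send the token in the Authorization header, not the URL")
    # fullmatch rejects CR/LF and spaces, so a pasted token cannot inject headers.
    if not _B64TOKEN.fullmatch(access_token):
        raise ValueError("access token is not a valid b64token")
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", "Bearer " + access_token)
    req.add_header("Accept", "application/json")
    return req


def redacted_headers(req):
    """Return the request headers with the token value masked, safe for logging."""
    return {
        name: "Bearer <redacted>" if name.lower() == "authorization" else value
        for name, value in req.header_items()
    }


if __name__ == "__main__":
    # Constructed sample values; no network traffic is generated.
    demo = build_request("https://api.example.test/v1/items?limit=5",
                         "constructed.token-123")
    print(demo.get_method(), demo.full_url, redacted_headers(demo))
```
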
