
Handling the OAuth2 Client Credentials flow

I'm having trouble wrapping my head around implementing the client-credentials flow on the client side. Say the client requests a secure endpoint in an API without being authorized. The API will respond with 401 and that's that? As I understand it the client-credential flow should not require any user interaction, am I correct? Specifically, the client should not need to click, say, a button "Authorize client" before visiting any page that accesses protected resources?

You're right that there is no user interaction necessary. However, you must call the /token endpoint (with your credentials) to get back a token that you will later use in your API request's Authorization header.
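The exchange described in the answer, as an added example that is not part of the original post: a client that requests a token with `grant_type=client_credentials`, caches it until shortly before expiry, and renews it once when the API answers 401. The `send` transport hook, the `auth.example`/`api.example` URLs, the `demo-client` credentials and the in-memory server are constructed assumptions so the block runs offline.

```python
import base64, time
from urllib.parse import quote

class ClientCredentialsClient:
    """Gets a token from /token with the client's own credentials and caches it.
    `send` is an assumed hook: send(method, url, headers, body) -> (status, dict)."""

    def __init__(self, send, token_url, client_id, client_secret, clock=time.monotonic):
        self.send, self.token_url, self.clock = send, token_url, clock
        pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        self._basic = "Basic " + base64.b64encode(pair.encode()).decode()
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        headers = {"Authorization": self._basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        status, body = self.send("POST", self.token_url, headers,
                                 "grant_type=client_credentials")
        if status != 200 or "access_token" not in body:
            raise RuntimeError(f"token request failed: {status} {body.get('error')}")
        self._token = body["access_token"]
        # Refresh 30 s early; a missing expires_in means a new token on every call.
        self._expires_at = self.clock() + body.get("expires_in", 0) - 30

    def request(self, method, url):
        if self._token is None or self.clock() >= self._expires_at:
            self._fetch_token()
        for attempt in range(2):
            auth = {"Authorization": f"Bearer {self._token}"}
            status, body = self.send(method, url, auth, None)
            if status != 401 or attempt == 1:
                return status, body
            self._fetch_token()  # token rejected (e.g. revoked): renew once, retry

def make_fake_server():
    """Constructed in-memory stand-in for the token endpoint and the protected API."""
    state = {"issued": 0, "valid": None}
    good = "Basic " + base64.b64encode(b"demo-client:demo-secret").decode()
    def send(method, url, headers, body):
        if url.endswith("/token"):
            if headers.get("Authorization") != good or body != "grant_type=client_credentials":
                return 401, {"error": "invalid_client"}
            state["issued"] += 1
            state["valid"] = f"tok-{state['issued']}"
            return 200, {"access_token": state["valid"], "token_type": "Bearer", "expires_in": 3600}
        if headers.get("Authorization") != f"Bearer {state['valid']}":
            return 401, {"error": "invalid_token"}
        return 200, {"data": "protected"}
    return send, state
```

With a real HTTP library, `send` would wrap the POST to the token endpoint and the API calls; the client secret belongs in a secret store or environment variable, not in source.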

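Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you repost them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.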

 