[英]Which OAuth 2.0 Authentication Flow does the MVC5 use?
I was going through this Example . 我正在看这个例子 。 Does this example(for facebook) use Explicit Authentication flow or Implicit Authentication flow?
此示例(针对facebook)是否使用显式身份验证流程或隐式身份验证流程?
Looking at FacebookAuthenticationHandler.ApplyResponseChallengeAsync()
code in the Katana Microsoft.Owin.Security.Facebook
namespace, it looks like it always initiates the "Authorisation Code" flow when an HTTP 401 is encountered. 查看Katana
Microsoft.Owin.Security.Facebook
命名空间中的FacebookAuthenticationHandler.ApplyResponseChallengeAsync()
代码,它看起来总是在遇到HTTP 401时启动“授权代码”流。
string authorizationEndpoint =
"https://www.facebook.com/dialog/oauth" +
"?response_type=code" +
"&client_id=" + Uri.EscapeDataString(Options.AppId) +
"&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
"&scope=" + Uri.EscapeDataString(scope) +
"&state=" + Uri.EscapeDataString(state);
So that's why you have to provide both your clientId and secret in the config. 因此,这就是为什么您必须在配置中同时提供clientId和secret的原因。 For implicit flow you would not use the secret anywhere.
对于隐式流,您不会在任何地方使用秘密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.