OAuth机器与机器通信
[英]OAuth machine to machine communication
问题描述
Is it necessary to use an OAuth if the communication is exclusive for a machine to machine only? 
如果通信仅供机器加工,是否有必要使用OAuth? Right now, I am using IP restriction plus private key. 现在,我正在使用IP限制加私钥。
1 个解决方案
解决方案1
2 2016-05-31 10:29:23
It is nice to keep your authentication frameworks consistent across applications deployed in the same infrastructure. 在同一基础架构中部署的应用程序之间保持身份验证框架的一致性是很好的。
Therefore, if you are already using OAuth 2.0 somewhere in your environment, taking advantage of the client credentials grant can be advantageous for server-to-server calls to still be authenticated using the same framework but not requiring any user during the authorization flow. 因此,如果您已在环境中的某处使用OAuth 2.0,则利用客户端凭据授予可能有利于服务器到服务器调用仍然使用相同的框架进行身份验证,但在授权流程期间不需要任何用户。
The flow is quite simple: 流程非常简单:
Make a
POSTrequest from the client application to the authorization server从客户端应用程序向授权服务器发出POST请求POST https://api.oauth2server.com/token grant_type=client_credentials& client_id=CLIENT_ID& client_secret=CLIENT_SECRETReceive the OAuth token response containing an access_token and refresh token
接收包含access_token和刷新令牌的OAuth令牌响应 { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter":"example_value" }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.