[英]OIDC, OAuth2.0 and role of access token when OAuth client application and resource server are not different
I am working on the ASP.NET MVC 5
web application.我正在开发
ASP.NET MVC 5
Web 应用程序。 It has only one layer which contains views as well as business logic/operations.它只有一层包含视图以及业务逻辑/操作。 Business logic is logically separated from UI but it is not behind a separate web service/API layer.
业务逻辑在逻辑上与 UI 分离,但它不在单独的 Web 服务/API 层后面。
Now when I use OIDC
and OAuth2.0
for my application, there is no separate Resource Server
, so to say.现在,当我将
OIDC
和OAuth2.0
用于我的应用程序时,没有单独的Resource Server
,可以这么说。 Because Client itself has all the Resources I want to have access to.因为客户端本身拥有我想要访问的所有资源。
I am using Authorization Code Flow for authentication & authorization.我正在使用授权代码流进行身份验证和授权。
Questions:问题:
access token
have any role in this case?access token
是否有任何作用? If yes, what?I guess you get an ID token which contains all the information you need for authentication of a user.我猜您会得到一个 ID 令牌,其中包含验证用户所需的所有信息。 If not, you can use the access token to get the user info.
如果没有,您可以使用访问令牌来获取用户信息。 If this is all the information you need, then the access token is not needed anymore.
如果这是您需要的所有信息,则不再需要访问令牌。 This happens, because OAuth2 is a permission delegation protocol, not an authentication protocol in a first place.
发生这种情况是因为 OAuth2 是一个权限委托协议,而不是一个身份验证协议。
When you have the user info, you can implement between the browser and your ASP.NET backend in any way.当您拥有用户信息时,您可以以任何方式在浏览器和 ASP.NET 后端之间实现。 You can take a look at the OAuth 2.0 for Browser-Based Apps RFC .
您可以查看OAuth 2.0 for Browser-Based Apps RFC 。
In this case you should use Client Credential flow instead of Authorization Code flow.在这种情况下,您应该使用客户端凭据流而不是授权代码流。 In Client Credential flow, your application would send your client id & client secret to Authorization Endpoint directly and asking for access token.
在客户端凭据流中,您的应用程序会将您的客户端 ID 和客户端密码直接发送到授权端点并要求访问令牌。 Authorization Code is not needed in Client Credential flow.
客户端凭据流中不需要授权代码。 Details as below
详情如下
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.