Requesting a token using the authorization_code Grant Type
I want to request a token using the authorization_code grant type. I see it here: https://identitymodel.readthedocs.io/en/latest/client/token.html#
var response = await client.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
    Address = IdentityServerPipeline.TokenEndpoint,
    ClientId = "client",
    ClientSecret = "secret",
    Code = code,
    RedirectUri = "https://app.com/callback",
    // optional PKCE parameter
    CodeVerifier = "xyz"
});
But I don't know where code and CodeVerifier come from.
As you already know, the Authorization Code Grant contains a few steps, which you need to read in RFC 6749 - The OAuth 2.0 Authorization Framework.
the authorization server redirects the user-agent back to the client using the redirection URI provided earlier (in the request or during client registration). The redirection URI includes an authorization code and any local state provided by the client earlier.
There is a flow diagram in the RFC document which helps you figure out how you'll earn the code.
In summary: Your client should send the Authorization Code with its request, then you send the Code to the Authorization Server and check its validity.
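The two values asked about, as an added example that is not part of the original posts or the IdentityModel documentation: the client generates the PKCE verifier itself before redirecting the user (RFC 7636, S256 method), and the code is read from the query string of the redirect back to the client. It uses only .NET 6+ base class library calls; the class and method names, the idp.example endpoint and SAMPLE_CODE are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility.ParseQueryString
static class AuthCodeFlowExample // hypothetical helper, not an IdentityModel type
{
    // Base64url without padding, the encoding RFC 7636 uses for verifier and challenge.
    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // Step 1: the client generates verifier and state, then redirects the user to this URL.
    public static (string url, string verifier, string state) BuildAuthorizeUrl(
        string authorizeEndpoint, string clientId, string redirectUri)
    {
        string verifier = Base64Url(RandomNumberGenerator.GetBytes(32)); // 43 characters
        string state = Base64Url(RandomNumberGenerator.GetBytes(16));
        string challenge = Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));
        string url = authorizeEndpoint +
            "?response_type=code" +
            "&client_id=" + Uri.EscapeDataString(clientId) +
            "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
            "&state=" + state +
            "&code_challenge=" + challenge +
            "&code_challenge_method=S256";
        return (url, verifier, state); // keep verifier and state in the user's session
    }

    // Step 2: the authorization server redirects to redirectUri with ?code=...&state=...
    public static string ExtractCode(Uri callback, string expectedState)
    {
        var query = HttpUtility.ParseQueryString(callback.Query);
        if (query["error"] != null)
            throw new InvalidOperationException("Authorization failed: " + query["error"]);
        // Reject callbacks that do not belong to the request this client started.
        if (!string.Equals(query["state"], expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch");
        return query["code"] ?? throw new InvalidOperationException("no code in callback");
    }

    static void Main()
    {
        // Constructed values: the endpoint and the returned code are placeholders.
        var (url, verifier, state) = BuildAuthorizeUrl(
            "https://idp.example/connect/authorize", "client", "https://app.com/callback");
        Console.WriteLine(url);
        var callback = new Uri("https://app.com/callback?code=SAMPLE_CODE&state=" + state);
        Console.WriteLine($"Code = {ExtractCode(callback, state)}, CodeVerifier = {verifier}");
    }
}
```

The value returned by ExtractCode goes into Code, and the verifier stored in step 1 goes into CodeVerifier, in the RequestAuthorizationCodeTokenAsync call from the question.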