[英]OAuth2 client credentials
So right now I'm implementing oauth2 in my server, but I just want to support the client_credentials
grant.所以现在我正在我的服务器中实现 oauth2,但我只想支持
client_credentials
授权。 The thing is, the node-oauth2-server says that supports this type of grant, and I pretty much debugged the whole library, and there are some things that doesn't make sense to me.问题是, node-oauth2-server说支持这种类型的授权,我几乎调试了整个库,有些东西对我来说没有意义。
As far as I understand, the client_credentials
grant should work like this:据我了解,
client_credentials
授权应该像这样工作:
client_id
and client_secret
for the client, this is the only time we will get the client_secret
and we should give this to our clientclient_id
和client_secret
,这是我们唯一一次获得client_secret
并且我们应该将其提供给我们的客户端client_id
should be stored in database with any extra data (like the account id associated or something like this) and a hash of client_secret
so we can later validate it client_id
应该与任何额外的数据(如关联的帐户 ID 或类似的东西)和client_secret
的哈希一起存储在数据库中,以便我们稍后验证它client_id
and client_secret
client_id
和client_secret
I may be wrong about this, but this is what I need and this exactly what C# Identity does and it is explained here .我可能错了,但这就是我需要的,这正是C# Identity所做的, 这里有解释。
In my case I'm working with nodejs.就我而言,我正在使用 nodejs。 Actually is a NestJS project, so I was trying to use this lib which is basically a wrapper for
node-oauth2-server
, and if you take a look inside node-oauth2-server
, looks like they only support authorization codes, this is because the AuthorizeHandler.handle()
always returns an authorization code and AuthenticateHandler.handle()
always expects the authorization code and returns the access token.实际上是一个 NestJS 项目,所以我试图使用这个库,它基本上是
node-oauth2-server
的包装器,如果你看一下node-oauth2-server
,看起来它们只支持授权码,这是因为AuthorizeHandler.handle()
总是返回一个授权码,而AuthenticateHandler.handle()
总是需要授权码并返回访问令牌。 Basically I need to call the AuthenticateHandler.handle()
but instead of checking the authorization code, I must pass and check the client_id
and client_secret
.基本上我需要调用
AuthenticateHandler.handle()
但不是检查授权码,我必须通过并检查client_id
和client_secret
。
This is a recent issue which has the exact same issue than me: https://github.com/oauthjs/node-oauth2-server/issues/552这是最近的一个问题,与我的问题完全相同: https ://github.com/oauthjs/node-oauth2-server/issues/552
So, first, I want to confirm that I'm right and this lib have this implemented in a bad way, and second, is there any other nodejs lib that has client_credentials
built in?所以,首先,我想确认我是对的,并且这个库的实现方式很糟糕,其次,是否还有其他内置了
client_credentials
的 nodejs 库?
As you've mentioned that it doesn't support client_credentials
grant at the moment, you can still utilize the authorization code flow grant type internally to get the access token.正如您所提到的,它目前不支持
client_credentials
授权,您仍然可以在内部使用授权代码流授权类型来获取访问令牌。
authorization code
flow.authorization code
流。oauth code
.oauth code
准备令牌交换调用。access_token
.access_token
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.