[英]Limiting the scopes of an OAuth 2.0 flow
I want to set up a OAuth 2.0 flow in my code.我想在我的代码中设置 OAuth 2.0 流。
I want my code, to be limited to specific scopes (even if someone accidentally writes some extra code to request additional ones).我希望我的代码仅限于特定范围(即使有人不小心编写了一些额外的代码来请求额外的代码)。
Let's assume I want my code to be able to only access photos in facebook.假设我希望我的代码只能访问 facebook 中的照片。
Is the only place to restrict the scope during the request to the authorisation server, eg是向授权服务器请求期间唯一限制范围的地方,例如
https://facebook.com/dialog/oauth?response_type=code&client_id=CLIENT_ID
&redirect_uri=REDIRECT_URI&scope=email&state=1234zyx
Or is there a way to enforce this restriction when issuing client_id
and client_secret
so that the following request will eventually fail?或者有没有办法在发出
client_id
和client_secret
时强制执行此限制,以便以下请求最终失败?
https://facebook.com/dialog/oauth?response_type=code&client_id=CLIENT_ID
&redirect_uri=REDIRECT_URI&scope=email,posts&state=1234zyx
My use case is for google APIs btw.我的用例是针对谷歌 API 的。
Not enough details provided to know what you are trying to accomplish;没有提供足够的详细信息来了解您要完成的工作; But generally:
但一般来说:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.