如何使用oAuth验证restful Web服务
[英]How to authenticate restful web service using oAuth
问题描述
I want to do authentication in RESTful web service for every request. 
我想在RESTful Web服务中为每个请求进行身份验证。 I have read scope about OAuth in website. 我在网站上阅读了关于OAuth的范围。 What should I store in database or which token key or access key need to check with database? 我应该在数据库中存储什么,或者哪个令牌密钥或访问密钥需要与数据库一起检查? I have REST web serivce and android app to call web serivce. 我有REST web服务和Android应用程序来调用web服务。 So, Web service is served as a Service Provider, UserLogin is user and Android application as a Consumer like describe in Oauth site. 因此,Web服务作为服务提供者,UserLogin是用户和Android应用程序,如Oauth站点中描述的消费者。 So, if user request from android like 所以,如果用户请求来自android之类的
GET /username/a.jpg HTTP/1.1
Host: localhost:8080
Authorization: OAuth realm="http://localhost/username/a.jpg",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_token="nnch734d00sl2jdk",
oauth_nonce="kllo9940pd9333jh",
oauth_timestamp="1191242096",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D"
But from server side which is web service how to check with database or which key will be use to check? 但是从服务器端这是web服务如何检查数据库或将使用哪个密钥进行检查? is it signature? 是签名吗?
1 个解决方案
解决方案1
4 已采纳 2011-05-19 16:23:25
Read up on http://oauth.net/core/1.0/ .. specifically Appendix A.2 through A.4. 阅读http://oauth.net/core/1.0/ ..具体见附录A.2至A.4。 It describes the "handshake" that takes place when a service fails to get access, then redirects the user to the authentication website, then is returned back to the callback url. 它描述了当服务无法访问时发生的“握手”,然后将用户重定向到身份验证网站,然后返回到回调URL。
As you asked, in A.4, yes, the service then examines the signature and replies with an access token. 正如您所说,在A.4中,是的,该服务然后检查签名并使用访问令牌进行回复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.