How to provide OAuth services from website?

OAuth allows the user to grant access to his private resources on one site to another site. But how exactly does this happen? And if I want to provide OAuth features in my site (both as service provider and consumer), how do I go about doing it? I'm using a Fedora 13 based server. And is it possible to configure Round Cube / Squirrel Mail to provide these services? As of now all my users have a mail account on the server, and I want the credentials in the mail to be used to provide the OAuth services.

If you want to be a provider of data, then you have to implement an OAuth server at your site, and if you want to be a consumer, you will have to implement an OAuth client at your site.

You should also read some articles and tutorials to gain a better understanding of the protocol, because it's a protocol that allows you to protect APIs and, that being said, everything connected with security should be well understood by the developer that is implementing it.

In case you're a provider, the 1.0 version of the protocol works in the following way:

  1. Consumer requires access to end-user's private data
  2. Provider issues a token to the consumer
  3. End-user authorizes the token
  4. Consumer can make authorized requests with that token for end-user's private data

A good place to start is: http://hueniverse.com/oauth/

You can also read the RFC when you decide if you will implement the 1.0a or 2.0 version of the protocol. I have implemented only 1.0a so far, so I cannot give advice on which is better. I guess the 2.0 version has more possibilities, and everyone says it's easier to implement. As for ease, 1.0a is not difficult to implement either, because there are good open source libraries both for clients and servers and you can set up and run a server or client in 1 day, if you understand the mechanics of the protocol.

Of course, if you want to make a good server with different scopes of access and inheritance of scopes, and if your API is complicated and extensible, you will have to do a lot more work there, no matter whether you choose the 1.0a or 2.0 OAuth version.

A simple example to demonstrate the OAuth flow. Understanding the concept helps to design accordingly:

[image]

As for the "How will I do it?"

There are lots of good libraries out there. Here is an excellent list: http://oauth.net/code/
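The four-step 1.0 flow listed in the first answer, as an added example that is not part of the original thread: a minimal in-memory provider with the consumer-side signing, using HMAC-SHA1 signatures as defined in RFC 5849. All names (`Provider`, `signed_request`, `pct`, `sign`) are illustrative assumptions, and the sketch keeps the answer's single-token simplification; RFC 5849 additionally exchanges the authorized request token for a separate access token using a verifier.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote
# Illustrative names throughout; this is not the API of any OAuth library.

def pct(value):
    return quote(str(value), safe="-._~")  # RFC 5849 3.6: only unreserved chars stay literal

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over the signature base string; url must carry no query string here
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    base = "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def signed_request(method, url, consumer, token, extra):
    # Consumer side of step 4; consumer and token are (identifier, secret) pairs
    params = {"oauth_consumer_key": consumer[0], "oauth_token": token[0],
              "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
              "oauth_timestamp": str(int(time.time())),
              "oauth_nonce": secrets.token_hex(8), **extra}
    params["oauth_signature"] = sign(method, url, params, consumer[1], token[1])
    return params

class Provider:
    def __init__(self, consumers):
        self.consumers = consumers   # consumer key -> consumer secret (registered out of band)
        self.tokens = {}             # token id -> {"secret", "consumer", "user"}
        self.seen = set()            # (consumer, timestamp, nonce) tuples already accepted
    def issue_token(self, consumer_key):    # step 2: token is bound to the requesting consumer
        token = (secrets.token_urlsafe(16), secrets.token_urlsafe(32))
        self.tokens[token[0]] = {"secret": token[1], "consumer": consumer_key, "user": None}
        return token
    def authorize(self, token_id, user):    # step 3: call only after the provider's own login
        self.tokens[token_id]["user"] = user
    def verify(self, method, url, params):  # step 4: returns the authorizing user or None
        p = dict(params)
        sig = p.pop("oauth_signature", "")
        tok = self.tokens.get(p.get("oauth_token"))
        key = p.get("oauth_consumer_key")
        if not tok or tok["user"] is None or tok["consumer"] != key or key not in self.consumers:
            return None              # unknown, unauthorized, or another consumer's token
        stamp = (key, p.get("oauth_timestamp"), p.get("oauth_nonce"))
        if not str(stamp[1]).isdecimal() or abs(time.time() - int(stamp[1])) > 300:
            return None              # stale or malformed timestamp
        expected = sign(method, url, p, self.consumers[key], tok["secret"])
        if stamp in self.seen or not hmac.compare_digest(expected.encode(), str(sig).encode()):
            return None              # replayed nonce or bad signature
        self.seen.add(stamp)
        return tok["user"]
```

The end user's password is only ever checked inside the provider's own login before `authorize` is called; the consumer holds nothing but the token and its secret.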
